Essay on Cyber Security Threats in Healthcare Information Systems

2021-07-08 16:50:34
Middlebury College
This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Healthcare technology is the application of knowledge and skills, including the use of machines and equipment, devices, procedures and medicines, with the aim of improving quality of life by solving health problems. Healthcare has seen great innovation and growth over the past few decades as a result of the evolution of information and communication technology. Patients and physicians can now see the benefits of digital systems that allow patients to access their health information through portals and give healthcare providers the ability to share patient information widely for better results.

The healthcare sector cannot deliver efficient and safe services without extensive connectivity to information and communication technology devices. Any insecurity in these devices tends to compromise patient safety (Rouleau et al., 2015). It exposes patients to unnecessary risks that may carry a high personal cost, leaving a patient to choose between connectivity to digital healthcare devices and death.

There have been a series of patient data breaches in the U.S. These have cost the government and organizations millions of dollars and increased public mistrust, prompting calls for greater government oversight with the main aim of protecting patient information.

According to the FBI's 2014 report, the healthcare sector faces the threats of a new enforcement era because of the shift from paper to electronic health record storage, increasing cyber security threats, and the financial payout for medical records, bill payments, and other healthcare transactions (McNeal, 2014). According to Chantal Worzala, hospitals, like any other sector connected to the internet, have become vulnerable to cyber security threats. This calls for hospital management to consider incorporating cyber security into their risk management plans.

At this point it is worth asking who is vulnerable to cyber security threats and what some of those threats are. Every individual playing a role in the healthcare sector is prone to cyber security threats, including patients and hospital employees, given that people mostly use the same password for personal accounts and workplace accounts. A good choice of passwords helps keep people with bad intentions from gaining access to confidential data and information. Individuals should therefore make an informed selection of passwords to secure medical record systems, payment systems, and clinical systems, since hackers are always finding new ways to try to access such information.

By 2014, cybercriminal attacks on healthcare institutions had doubled from the previous three years, according to a report by the Ponemon Institute. The institute classified medical identities as more valuable than financial identities, because medical information is easy to monetize once it is in the hands of the wrong people.

In the 2015 KPMG survey named "Healthcare and cyber security survey," 81% of participating health care managers reported that cyber security threats had compromised information systems within their institutions. Only 53% of these health care institutions were capable of defending themselves from cyber-criminal attacks after detecting them.

Healthcare organizations, like federal agencies, integrate new systems into their infrastructure as they advance their technology for better patient services. The technology they manage is built over multiple technology waves, which leaves gaps in the systems that may enable people with bad intentions to gain access to critical data and cause a breach. Because the systems are integrated, they are exposed to both hardware and software vulnerabilities at the points where they are linked. This can make it hard for administrators to manage these systems and protect them from cyber security threats.

Healthcare information systems face various types of cyber security threats. These include ransomware, data breaches, denial of service attacks, insider threats, and business email compromise scams. Ransomware attacks are malware attacks that infect the information system's databases and other stored files, making them inaccessible until a ransom is paid to the attacker. Such an attack on a healthcare facility will slow the institution's critical processes or make them completely inoperable. This may force the facility to fall back on manual pen-and-paper records, which slow medical processes. Alternatively, the hospital management may decide to pay the ransom, which costs the institution money that was not allocated in the budget and would have been spent on other developments. Hollywood Presbyterian Hospital in California has been a victim of this kind of attack, which resulted in delayed patient care. In the end, the hospital had to pay $17,000 to return to normal operations and regain access to its databases, financial records, and other necessary files.

Another type of cyber-attack is the data breach. The Ponemon Institute conducted research on cyber-attacks and found that the healthcare sector experiences more data breaches than any other sector. These breaches continue to occur in the healthcare sector and have various causes. One primary cause is malware attacks. Another potential cause is insider disclosure of a patient's or an institution's confidential data to an outsider who has bad intentions.

Healthcare information systems and healthcare institutions also suffer from denial of service attacks. These are well-known and popular methods used by hackers and other cyber criminals to overload an organization's network and systems, making them unreachable. Because many healthcare facilities run the systems that provide patient care, communication, records storage, prescriptions, and information access over a network, these institutions may have a hard time offering patient services and ensuring continuous operation when a denial of service attack occurs (Brenner, 2007). Boston Children's Hospital suffered this attack in 2014. The attack caused a network outage at the hospital for a week, leaving patients and the institution's medical personnel unable to access their accounts hosted within the hospital's network, so they could not obtain various information. It ended up costing the hospital $300,000 in response to the attack and risk mitigation.

According to a data breach survey conducted in 2013 across different healthcare facilities, the most common cause of data breach incidents is the loss or theft of unencrypted portable computing devices such as laptops. The use of these portable devices in medical and healthcare institutions has accelerated the occurrence of attacks and increased security risks in the healthcare industry. According to this survey, 83% of the reported cases were the result of theft or loss of laptops and desktops containing the institution's data. The most severe case occurred at Advocate Health and Hospitals, where four computers containing approximately four million healthcare records were stolen from the hospital premises. The Community Health hospital operator also had its systems hacked, which led to the theft of its patients' names and Social Security numbers.

Connected medical devices offer excellent conditions for the management of chronic diseases, improved results, and lower costs through fewer visits by the doctor, shorter response times, and less expensive care (Collins, 2008). However, the use of these connected devices has been met with cyber security threats in the past few years, since attackers are always finding new ways to conduct attacks. This calls for security mitigation techniques and mechanisms to be built in during the design and development of these devices. Manufacturers should embrace robust technology for monitoring and controlling devices to ensure they meet strong security standards.

There have been increasing warnings and calls for healthcare institutions to improve their information system security measures. The FBI released a notice to organizations and companies working in the field of healthcare, alerting them to a possible increase in cyber-attacks on the healthcare industry, especially attacks aimed at obtaining Personally Identifiable Information and intellectual property on medical care devices and equipment.

For healthcare institutions to achieve maximum security in their information systems, they should design and implement effective working policies. They should select a team of information system security experts to conduct a risk assessment of the current systems. This includes identifying the assets that are most important, essential and core to the organization's mission and objectives: the resources that are vital for the organization to continue operating. The assets identified should then be protected to ensure they are secure. They include the patient information, employee, and financial records databases, whose compromise or theft would have a direct impact on the institution's operation.

Healthcare institutions should also perform security audits to determine their systems' security posture and identify the technologies they should consider adopting to secure their patients' and organization's data. These audits should consider different perspectives: how systems are maintained, the compatibility of existing systems with newly introduced systems, and the frequency of patching. The audit should also consider employing monitoring systems to watch the healthcare systems and networks. These systems should monitor logs, IDs, and IP addresses, and have intrusion detection capabilities so that they detect threats before they turn into a breach.

Since the challenge is likely to grow over time, healthcare device manufacturers should develop common standards for security in connected medical devices. The standards should set out how security is integrated into these devices.

In conclusion, cyber security threats are likely to continue increasing as a result of the growing adoption of technology in the health care sector. This calls for healthcare providers to keep improving their information systems and conducting security audits of them. The cyber security plan should be given high priority to ensure that the necessary measures are taken to prevent, arrest, and mitigate data breach incidents in case they occur.


Rouleau, G., Gagnon, M. P., & Cote, J. (2015). Impacts of information and communication technologies on nursing care: an overview of systematic reviews (protocol). Systematic Reviews, 4(1), 75.

McNeal, M. (2014). Hacking health care. Marketing Health Services, 34(3), 16-21.

Collins, A. S. (2008). Preventing health care-associated infections.

Brenner, S. W. (2007). "At light speed": attribution and response to cybercrime/terrorism/warfare. The Journal of Criminal Law and Criminology, 379-475.
