Dec 29 2014

Are Hospital Hacks “The Next Big Thing”?

As 2014 winds down, there is little doubt that the hacking activity surrounding Sony is one of the top headlines of the year. That breach has caused tremendous amounts of disruption and loss, and a month after word of the hack first came out the company is still reeling. But, Sony is a big fat corporate target, and no hacker could ever really unleash that kind of Hell on an average user, right? Maybe. Maybe not.

In this day and age it is imperative to remain ever vigilant, and each of us has quite a bit of usable and quite valuable information. Whether it is financial information or personal information useful in carrying out identity thefts, we all have it, and it’s all at risk. What better way to underscore this than to discuss a recent hack of PHI from a hospital in the midwest. The hospital received an e-mail from someone, containing personal health information relevant to patients-and demanded a ransom or else they’d leak it.

If that doesn’t spook you a bit, perhaps this will. Just recently, MIT opined that 2015 could very well be “The Year of the Hospital Hack”.

If you wonder why, you shouldn’t. Hackers like soft targets, and many hospitals are exactly that. Many are undergoing a migration from paper to digital record keeping, meaning more and more bits of personal information are being made available. Especially when you keep in mind that, during such conversion projects, securing the data is not always at the top of the list-or even on the list. Unfortunately, making this newly available data secure is often an afterthought.  Something else to consider-with health care costs rising, hospitals are facing tighter budgets. This means things get scaled back or eliminated, or delayed. Sometimes, that means a major hit in the IT budget. Securing a vast infrastructure is not cheap, but it is vital. It’s also something many decision-makers don’t appreciate until after the fact. Just like the Sony hack has many firms re-evaluating their information security budget, it may take a massive and disastrous hack of a hospital system before many truly get serious about security.

In the meantime? Remain mindful of your own data and what is out there. You may not know where the next threat will come from, but you do know one will be coming.