Healthcare ITNews presents
- Connect with US
Health information exchange requires the ability of different networks, systems, and devices to share electronic data. But “connectedness” brings with it an element of risk: All networks and devices have points of entry (through which data is transmitted) that are vulnerable to breaches.
In an interview with Healthcare IT News Managing Editor Bill Siwicki, U.S. Cyber Consequences Unit chief economist Scott Borg says that when devising a cybersecurity strategy, healthcare IT professionals must be able to identify which parts of their systems are prime targets for cyber criminals.
Further, Borg says, healthcare IT pros must stay current regarding emerging threats and understand the motives of attackers.
“The first step in the economics of cybersecurity is paying attention to what your hospital or clinic is actually doing,” Borg says. “Executives will immediately see that a lot of things they are protecting do not really deserve a lot of attention and are not things attackers are likely to go after. Meanwhile, they will also see that other systems are both totally important to their organization and are prime targets for the attackers of the near future.”
Armed with this information, healthcare security pros can devise a strategy customized to their enterprises, according to Borg. This ability, he says, “is becoming really critical because of things like the Internet of Things and the new attention to industrial control systems are about to enormously expand the kinds of attacks that hospitals and clinics are going to suffer.”
“The Internet of Things is the big new worry, but healthcare executives need to think about why someone would want to attack these devices in a clinic or hospital,” Borg tells Siwicki.
Financial motivation for an attack can go beyond a ransom demand, he says.
“Hackers can attack an organization in order to bet in the financial markets that a given stock will go down after an attack and attack that entity in a really conspicuous way,” Borg explains. “And when the stock drops as the result of the attack, the attackers can invest in the stock as the stock falls. They then can multiply an investment by hundreds of times. And that suddenly means some health systems will need to worry about things they did not need to worry about until now.”