Medical Data: Life or Death?
By Anna Allgaier
As technology advances and we begin to share more digitally, the skills and abilities of hackers follow suit. The benefits of sharing our health data overshadow the perils, but our reasons for concern are justifiable. The more we share our data, the more we subject ourselves to risk. As DefCon Hackers, Christian Dameff and Jeff Tully stated “the rapidly enlarging technologic foundation of health care, from electronic medical records to telemedicine, will surely come at a high cost- endangering our privacy, security and potentially even our very lives.”
There is no data more personal, or more sensitive, than our health data. The hacking of our medical files would reveal everything from our home address, social security number and card details, to our health status, medication records and treatment data. Healthcare data is currently the most valuable and sought after form of personal data on the Black Market. The information made available via these hacks could take identity theft to an alarming level.
So far, the largest healthcare hack we have seen targeted US Health Insurance providers, Anthem. An estimated 70-80 million current and former members were affected by the breach. According to Cyber Security firm Mandiant, “243 is the median number of days advanced attackers are on the network before being detected.” Mandiant’s annual report, also opened our eyes to the fact that 100% of breaches include stolen credentials, 100% of victims have up to date anti-virus software and, 69% of breaches are reported by third parties (only 31% of breaches were detected internally). So, how vulnerable does this make us? Firstly, we need to consider that there are data privacy laws that ensure our health data is protected to the highest standard. Secondly, only 6% of hacks in 2014 targeted the healthcare industry.
However, as WIRED author, Chris Morris pointed out, the modification of “something like a decimal point in a drug prescription in a computer system” could kill. This is where medical hacks distinguish themselves from business hacks. The damage they can cause is far more sophisticated. “With the Sony hack, an entire corporation was taken completely down. Nobody could go to work. If you do that to a hospital, people die.”
It’s not just our Medical data that can be corrupted; it’s our medical equipment too. Tamara Bonaci, (a researcher at the University of Washington) and her colleagues recently discovered that it was possible to hack into a robot during Telesurgery. The hacker would then be able to control the machine, or bring the procedure to a halt altogether. Homeland Security in the US are also looking into the hacking possibilities behind wireless devices such as pacemakers, drug delivery pumps and neurostimulators. As daunting as this may sound, a malicious attack of this nature has not yet occurred but prevention research has.
“With great risk, comes great reward.” Sharing our health data is changing our future for the better. It creates possibilities by furthering research and, most importantly, enables the more accurate treatment of individuals. Hacking is not something that can be prevented anymore and it can happen to anybody. This was made ironically clear by recent targets ‘Hacking Team’ (an Italian company specialising in controversial spyware for governments). As we continue to move forward, healthcare providers are going to have to invest in creating a safer environment for our data. Whether it is through safer passwords, the encryption of data or simply the improvement of IT security. The methods and knowledge of advanced hackers are developing daily and it is crucial that we keep up with them, no matter how difficult a task this may become.
Our private i exhibition will take place at 31 New Inn Yard, EC2A 3EY and will be on from Friday 25th – Monday 28th September, 10am – 6pm.