The lack of a universal “best practice” plan and a decentralized system could leave the US healthcare industry vulnerable to a cyber attack.
The health care system in the United States relies heavily on the storage and processing of information via the Internet. This $2.5 trillion industry is at an ever increasing risk of a cyber-terrorism attack if the right security is not in place. An attack could have far-reaching consequences from affecting patients’ privacy to jeopardizing lives.
In an article entitled, Cyberterrorism: Is the U.S. Healthcare System Safe?, the authors explore the risks of a cyber terrorism attack on health care targets. They predict what an attack might look like, suggesting it would occur in waves over a period of weeks, leaving healthcare staff untrusting of electronic data. The article also examines why the health industry would be a target and what it is currently doing to protect itself.
The article’s authors, David Harries and Peter Yellowlees point out that the degree to which an organisation is affected by cyber attacks depends on the level of security present. The health care sector is particularly difficult to protect against this type of attack. This is partly due to the healthcare industry being comprised of many “decentralized and loosely coupled organizations”, most of which are small compared with those found in such sectors as financial services.
The article recommends healthcare organisations should employ a multiple layered defence to protect themselves against current and future threats. Organisations should also perform regular security checks and implement secure prevention and detection programmes. Aside from external threats, companies need to have precautions in place to deal with internal factors such as disgruntled (ex-)employees. This risk group accounts for 70% of computer related criminal activity.
Kevin Cunningham concluded in his article, Cyberterrorism: Are We Leaving the Keys Out?, that effective protection from cyber-terrorism comes down to three main ingredients: the right combination of people, processes, and technology.