Jeff Rowe, Editor, Future Care

Jeff Rowe is the editor of Future Care and a veteran healthcare journalist and blogger who has reported extensively on initiatives to improve the healthcare system at the local, regional and national level.

Security survey reveals global scale of healthcare data hacks

February 16, 2017 at 10:19 PM

How many hacks of healthcare organizations were there in the last three months of 2016? More than 700,000.

That’s according to a study of 450 providers around the world by the threat intelligence arm of cybersecurity vendor Fortinet.

“By far, the most interesting trend we have seen is Internet of Things-based attacks,” Derek Manky, global security strategist and head of the FortiGuard Labs global threat research team at Fortinet, recently told Healthcare IT News. “These are attacks not going after traditional Windows-based PCs or Internet Explorer but rather the No. 1 attacks specifically in healthcare have been against an operating system called VxWorks. We saw about two million attempts to hack into this system in Q4 2016. This runs on medical devices and infusion pumps and personal monitors, these sorts of things, and that’s really concerning.”

So how should healthcare organizations respond?

In a separate blog post, Manky argues that honesty is, in fact, the best policy. “When looking back at what went right in 2016,” he says, “my mind goes to the Johnson and Johnson insulin pump case, where more than 100,000 patients were using devices that had security vulnerabilities. In response to these findings, Johnson and Johnson publicly admitted the problem and vowed to take the appropriate course of action to secure these devices.”

Fortinet will be discussing the results of this study, among other things, next week at the 2017 HIMSS Conference and Exhibition. Manky advises HIMSS attendees with cybersecurity on their minds to keep one important concept in mind: visibility.

“Too often the enemies of security are invisible, they are not seen and there is a false sense of security,” he said. “Just because you do not see anything doesn’t mean your network is fine. I would say start with visibility, looking into things like SIEM for configuration on devices. And we have a free program for cyberthreat assessment on networks. The mistake is traditionally people try to build up security against an invisible enemy. First you have to find out what is happening in your vertical and then build the proper security solutions against that.”

HIMSS17 runs from Feb. 19-23, 2017 at the Orange County Convention Center.