Healthcare Security: A Patient Safety Issue
The University of California Cyber Team conducted an international study in which healthcare organizations and vendors reported that as many as 100 to 1,000 patients have experienced adverse events from compromised healthcare infrastructure cybersecurity events such as ransomware, malware, compromised EHRs, or an attack on facility systems. The study also found that 80 percent of survey respondents reported that risks in medical devices are higher than what the FDA reports.
This is no joke. Patients can face dire, potentially life-threatening consequences in the event that their medical devices are hacked. To demonstrate the severity of this situation, Christian Dameff, UC San Diego researcher and emergency room doctor, and Jeffrey Tully, UC Davis security researcher and pediatrician, simulated what could happen if a patient’s pacemaker is hacked.
In the demonstration, the “patient” presented signs of chest pain to a team of nurses and doctors. The team went through normal procedures to treat the patient, however, the compromised pacemaker malfunctioned and routine attempts to use a magnet to fix the problem didn’t work. As a result, the patient kept “dying and coming back to life” because the hacked pacemaker continuously shocked the patient at the wrong time.
Another concerning discovery in the demonstration was that the clinicians who took part in the simulation were completely unaware that the device had been compromised. The clinicians were also asked if they knew what to do if a device was hacked – the consensus was no. The team had never been trained in responding to hacking medical devices.
Though this was just a demonstration, we can’t deny that hospital cyberattacks have proven to be deadly. In our previous blog post, we discussed how hospital data breaches can have direct impact on mortality rates. Following a data breach, doctors are so preoccupied with remediation activities that patients experience a drastic decline in quality care.
Here at etherFAX, we have implemented multiple defense-in-the-depth strategies to ensure secure communications and improve patient care. With over six million connected endpoints, the etherFAX Secure Exchange Network (SEN) is the world’s largest ecosystem supporting every major fax server, application and fax-enabled device. As a fully HIPAA compliant fax service, etherFAX SEN has the ability to route documents and faxes to other etherFAX peers within the etherFAX network to ensure sensitive data and PHI is never transmitted through an external telephone network.
To securely transfer information between two endpoints, etherFAX SENx utilizes well-defined end-to-end encryption methods such as those defined in the Elliptic Curve Integrated Encryption Scheme (ECIES). The hybrid encryption scheme uses Elliptic Curve Cryptography to generate a shared secret between peers to seed the encryption process with unique keying material while signing and authentication mechanisms assure the validity of the data in transit.
If you’re looking to protect your healthcare organization against potential cyberattacks, contact us today!