RSNA 2017: Ransomware market is worth $1B—are you secure?

As cyberattack become increasingly common incidents, healthcare professionals must push security to the forefront. In a presentation given at the annual meeting of the Radiological Society of North America (RSNA) in Chicago, Jim Whitfill, CMO of innovation Health Partners and president of Lumetis, described the current cybersecurity environment and detailed how professionals can take steps toward improving privacy.

This year, the ransomware market is projected to earn as much as $1 billion a year—a dramatic increase from only $24 million in 2016. Additionally, the $50 value per medical record vastly outweighs the value of other stolen information. Email information, for example, is sold for about $5 per account.

Whitfill warned of an impending massive cyberattack, much like WannaCry, if healthcare information security doesn’t improve. A key to fighting such threats starts with understanding the shortcomings of healthcare IT security, identifying adversaries and developing comprehensive security programs.

Whitfill discussed common security concerns such as operational security gaps, unpatched software, lack on encryption and authentication, and application vulnerabilities. Today’s hostile online environment is host to a number of threats to healthcare cybersecurity. In his presentation, Whitfill explained how hacking has become an easily learnable skill with the unlimited resources being posted on sites like YouTube.

As it stands now, the state of healthcare security has room for improvement in both the hospital and medical device setting. Healthcare organizations spend an average of 4 to 6 percent of IT budget on security, a much lower percentage when compared the 12 to 15 percent investment of the financial industry. The low funding by healthcare organization may explain why 94 percent of medical institutions have experienced a cyberattack. Unfortunately, the security of medical devices is also neglected because most vendors are stuck trying to find skilled developers and build security awareness.

Possible actions in reducing the risk of cybersecurity threats include the setting of security standards that are concise, risk based and could be used as a template for reviewers, vendor questions and risk determination. Setting minimum standards to prioritize high-risk attributes would also help decrease threats while streamlining the security process. Overall, developing an all-inclusive security program would contain an in-depth defense strategy, network segmentation of medical devices and continuous education for employees.

""
Cara Livernois, News Writer

Cara joined TriMed Media in 2016 and is currently a Senior Writer for Clinical Innovation & Technology. Originating from Detroit, Michigan, she holds a Bachelors in Health Communications from Grand Valley State University.

Around the web

The nuclear imaging isotope shortage of molybdenum-99 may be over now that the sidelined reactor is restarting. ASNC's president says PET and new SPECT technologies helped cardiac imaging labs better weather the storm.

CMS has more than doubled the CCTA payment rate from $175 to $357.13. The move, expected to have a significant impact on the utilization of cardiac CT, received immediate praise from imaging specialists.

The newly cleared offering, AutoChamber, was designed with opportunistic screening in mind. It can evaluate many different kinds of CT images, including those originally gathered to screen patients for lung cancer. 

Trimed Popup
Trimed Popup