How devices are hacked
So, how does this all happen? How do devices get hacked and networks get hijacked? It typically requires someone inadvertently providing access to the network. This can happen if someone uses an infected thumb drive on a hospital computer, downloads a seemingly benign plug-in to give new features to a web browser, or simply responds to a “phishing” email (when a user is sent an official-looking email and enters protected information, which is routed to someone with sinister intent).
As ob/gyns increase their online presence by including our places of work on LinkedIn, Facebook, etc, posting pictures of ourselves at work on social media, and leaving other proverbial bread crumbs on public sites about what we do and where and when, we make ourselves vulnerable to targeted attacks. Hackers comb the Internet looking for tidbits about us and then use that information to target us. These attempts at contact can be in the form of an unsolicited Facebook friend request, an email with an attachment, a survey that leads to a website, or even a “free trial” of a program that requires a download. And because we network our devices (by using Gmail/Google Calendar, iCloud, Dropbox, etc), gaining access to one of them is usually all that is needed to gain access to multiple devices.
What you can do
We must be hypervigilant about protecting not only our patients, but also ourselves. Whatever information we have online is potentially accessible to anyone who wants it. Inadvertent ransomware (that allows someone to take control of a network in return for a ransom), hackable connected devices (defibrillators, PET scanners, IV pumps), and cloud-based computing are all risk factors.
Changing passwords frequently, using 2-step verification (whereby you enter your password and then are asked for a separate code that is sent to your phone via text, voice call, or app), updating security software (do not decline recommended computer updates), and having an overall sense of wariness when using the Web will keep you and your patients protected from what is likely the biggest threat to American healthcare in 2017.
1. Food and Drug Administration. Postmarket Management of Cybersecurity in Medical Devices. Guidance for Industry and Food and Drug Administration Staff. December 28, 2016.
2. Food and Drug Administration. Cybersecurity Vulnerabilities of Hospira Symbiq Infusion System: FDA Safety Communication. July 31, 2015.
3. Balakrishnan A. The hospital held hostage by hackers. http://www.cnbc.com/2016/02/16/the-hospital-held-hostage-by-hackers.html. February 16, 2016.
4. Hollywood Presbyterian Medical Center pays hackers $17K ransom. http://www.nbcnews.com/tech/security/hollywood-presbyterian-medical-cent.... February 16, 2016.