Health ‘prime target’ for cybercrime
The increasing adoption of electronic medical records and billing systems has made the health sector a prime soft target for cybercriminals, the World Medical Association has warned.
Delegates at the WMA’s General Assembly in Taipei were told that cybercrime had become “a real threat”, with some hospitals already being hacked on a regular basis – including, on occasion, being blackmailed for money.
“Cyber security threats are an unfortunate reality in an age of digital information and communication,” the WMA said in a statement adopted by the Assembly. “Attacks on critical infrastructure and vital assets of public interest…are on the rise and pose a serious threat to the health and wellbeing of the general public.”
It warned that the proliferation of electronic health records and billing systems meant the health sector was “especially susceptible to cyber intrusions and has become a prime soft target for cybercriminals”.
Hospital information and practice management systems could become “gateways” for cybercriminals, putting the electronic medical and financial records of patients at risk and even opening the way to “increasingly sophisticated system breaches that could jeopardise the ability to provide care for patients and respond to health emergencies”.
The WMA’s warning echoes concerns about information security identified by the AMA in its Position Statement on Shared Electronic Medical Records issued earlier this year.
In the Position Statement, the AMA warned that the adoption of electronic medical records needed to be accompanied by measures to ensure their safety and security.
The WMA said current security procedures and strategies in the health sector had generally had not kept pace with the volume and magnitude of cyberattacks.
Despite the scale of the threat, many health care providers were devoting insufficient money and resources to the problem, and many lacked the expertise to detect a cyberattack, let alone prevent or address it.
The Association called on governments, policymakers and health providers to work with national cyber security authorities and collaborate internationally to anticipate and defend against such attacks.
It said providers should develop comprehensive systems to detect and prevent security breaches and, where they occurred, have a prepared and robust system of response that includes notification, remedial action and insurance.
Acknowledging that such an investment of time and resources may be beyond many smaller operators, the WMA said governments and provide bodies should provide support to overcome these limitations.
The WMA statement can be viewed at: http://www.wma.net/en/30publications/10policies/c15/index.html