Protecting Patient Data: The Battle Against Cybercrime in Our Hospitals




A hospital network is made of many parts: computers, servers, printers, routers, switches, and storage systems. Dangerous computer hackers with bad intentions set out to find one device they can hijack to gain access to all the others.


Organizations do not want everyone to have the ability to access their devices, but hackers often find a way to take over the device and steal user passwords and private data. Privacy is important in a hospital network, because patients give hospitals their contact information, insurance details, credit cards, and private health information. If a hacker were to steal patient records, they could find out sensitive details about the patient that may be private. The patient may not want the public to know their diagnosis, or the hacker may use their credit card information to access their bank account.


When people check into a hospital, they trust that their information is private and protected. People want to feel safe, and they want the private details of their lives to remain private. If a malicious hacker were to post a patient's private details online, the patient would likely feel embarrassed and betrayed. They may even avoid going to the hospital if they feel everyone in the world will know what they tell their doctor. 


Hospitals use security measures like VPNs, IDS/IPS, load balancers, and web application firewalls to protect their networks. They monitor the users on their website and search for signs that a dangerous hacker is trying to steal the data. When they send data over the network, they send it as a scrambled message to make it harder for a hacker to capture and read. They monitor the internet connection to see if the hacker is traveling through tunnels to steal the data. They even ask users to use special accounts with hard-to-guess passwords to keep the hacker at bay. Even with all their sophisticated security measures, hackers often break through the network and steal patient data.


Our government believes that users have a right to keep their health information private. It created a special federal law called HIPAA to require organizations to treat health information with respect for patient privacy. HIPAA sets a legal standard for protecting health information and requires organizations to have security measures to keep the health information private from malicious hackers and the general public.


IT professionals created a list of common attacks called OWASP to help hospitals protect themselves from hackers, and they created frameworks like ISO, NIST, and CIS with diagrams and guidelines to explain the most secure ways to design a network. 


Some people may question whether it is important to use a password that they struggle to remember. They may not want to use multi-factor authentication with their phone or email because it takes extra time. While these security measures may seem small, they protect the public from a malicious hacker stealing their information.


Recently, in 2024, the malicious Russian hacker groups Killnet and BlackCat targeted hospitals, healthcare providers, and pharmacies in retaliation for aid given to Ukraine. These widespread attacks, across 90 organizations with Killnet and 2.2 million patients with BlackCat, confused hospitals and made it difficult for them to communicate, putting patients at risk. Patients' private data was stolen, and millions of dollars in damages hurt the healthcare system.

Similarly, in 2023, the state-backed malicious Chinese hacker group Iron Tiger targeted government devices, affecting 1.2 million customers and stealing their data.


While these attacks may seem far away from everyday interactions, millions of Americans are affected by cybercrime every single day. Patient care can be disrupted. Medical devices, such as pacemakers, pneumatic tube systems, or infusion pumps, can be hacked. Batteries can be depleted, or unauthorized access to medication devices can cause overdose. Patient identities can be stolen. Malicious hackers can open bank accounts in a patient's name and drain their bank account. Patient health records can be released, embarrassing patients. Some patients can even be blackmailed to keep their information private.


In order to create widespread change, the average person needs to begin to care about security and stand up to their privacy being discarded by malicious actors that are out to hurt Americans. To take additional steps to protect your private data, you can use strong passwords and multi-factor authentication. Only access your health information from private home networks instead of public WiFi networks. Never give others access to your private information or devices. Use a VPN to secure your internet connection. Never give your private information over the phone. By taking these steps, you can increase the likelihood your internet activity will remain private. 


Update your software regularly, and avoid clicking on links from untrusted websites when browsing the internet. Do not download software if it's not from the vendor's website directly. Avoid clicking links in your email from trusted or untrusted parties, because sometimes the link reads one way but sends you somewhere else. Instead, if the link is to a trusted website, enter the address into the search bar manually.


In order for real change to happen, the government will need to step in where other governments have overstepped. The community needs to make security a priority and ask the government for stronger policies and legislation. The American government should have a plan when other governments inflict cyber attacks on Americans. While laws allow Americans to monitor and respond to their credit reports, Americans need more avenues to protect themselves against professional cybercriminals.



