Going on three years later, the WannaCry attack is still a painful memory for the IT profession. It wasn’t “just” the havoc that it caused or the lives it put at risk, or the fact that it was entirely preventable.
It was and is the knowledge that the attack could have been so much worse. The WannaCry attack was all about carnage; it was not about data theft in its many and various forms (including, for example, ransomware attacks where the victim has to pay to retrieve their data).
This is, or should be, a major concern for anyone involved in healthcare.
Why the healthcare industry is a prime target for cybercriminals
The key point to understand about cybercrime is that it basically comes in two forms, financially motivated and ideologically motivated, and healthcare data is a prime target for both kinds of criminal. Its appeal to the former can be summarized in the old saying “your money or your life”.
If a cybercriminal can take control of information which, quite literally, has a life-or-death impact on a patient, then they can quite reasonably expect that patient to pay whatever it takes to get it back.
Its appeal to the latter can also be its financial value (criminal organizations need to get funds from somewhere), but it can also be the way it can be used as leverage to control an individual.
For example, just as people will probably pay whatever it takes to get their data back, so people could potentially be “persuaded” to do whatever it takes to get their data back.
Alternatively, sensitive healthcare data could be used as a means to blackmail people. For example, people routinely discuss the health of politicians when they are running for or in office.
The basics of keeping healthcare data secure
There is still a heavy reliance on paper
Healthcare, however, is somewhat different. While many types of document can be successfully digitized, other types pose technical challenges, and it can often be safer to keep these documents in paper format than to risk being unable to defend a legal challenge further down the line. CTG traces are a prime example of this.
Although these technical challenges may be overcome in future (or the legal issues rendered irrelevant by the passage of time), for the present, the need to secure paper is likely to remain a major issue for the healthcare industry.
Limited IT facilities encourage the use of personal devices
The state of IT in the NHS can be reasonably demonstrated by the fact that it was still using Windows XP in 2017, even though Microsoft officially discontinued support for it in 2014.
It is therefore hardly surprising that medical staff often prefer to use their own devices as much as possible. Given NHS budgetary considerations, it may be easier to focus on making this as safe as possible than to try to end the practice.
Don’t get left behind; Get in touch
If you’re a healthcare practice and believe you could be doing more to protect your patient and staff data, our services include document storage, document shredding and document scanning to ensure personal and private data is kept secure or destroyed appropriately. Get in touch with our team to find out more.