Healthcare Security and the Rise of the Cyber Pirate

You know how Einstein said, “I do not know with what weapons World War III will be fought, but World War IV will be fought with sticks and stones”?

Well, now we know the answer to the first part of the sentence as well. It will be fought almost solely with the help of cyber weapons. Growing evidence of cyber attacks on everything from mobile phones and smart cars to pacemakers and even entire electrical grids suggests that we might not be far from the time when wars will be waged more in the virtual realm and less in the physical one. I certainly hope that scenario never comes true. So for the time being let’s talk less about warfare and more about healthcare and the way it has been affected by the emergence of cyber pirates.

With the digitalization of more and more government structures, it’s anything but surprising that they have become a tasty target for cyber pirates. The Government Accountability Office issued a statement indicating that security incidents have increased by 650% in just the 5-year period between 2006 and 2010. This trend has not spared healthcare institutions. In fact, that’s where it is most prevalent. According to one study, 94% of polled institutions had been victims of a data breach in the two years preceding the study. All this prompted the FDA to issue a statement last month in which it urges medical device manufacturers and healthcare institutions to “take steps to ensure that appropriate safeguards are in place to reduce the risk of failure due to cyber attack, which could be initiated by the introduction of malware into the medical equipment or unauthorized access to configuration settings in medical devices and hospital networks.”

You might not be overly upset if someone got hold of your last X-rays, but data breaches have numerous implications for your security and finances as well. In 2012, the top three targets of cyber attacks were as follows: medical details, billing and insurance records, and payment details. This means that someone can remotely access sensitive data about you – not just your medical diagnoses and treatment, but credit card information and social security number. The good news is that the biggest of these breaches were due to human error and not the result of a sophisticated online attack. Experts who have been charged with investigating the digital security of healthcare facilities say that these facilities are missing some very basic security measures, and that some of the gaps can be fixed with better staff training.

But here’s the scarier part. Cyber attacks have been linked to attacks on devices you might not have considered to be reachable “online”. Such is the case with pacemakers and insulin pumps. With some software help, a malicious hacker can send a radio signal mimicking a medical transmitter. If there is a pacemaker within its range, the device will respond with its model number and sometimes with its serial number. An electronic device’s serial number is essentially equal to its username and password, which means the said pacemaker will be in the hands of the hacker. And that holds true for more than 300 electronic devices, which the FDA has identified as vulnerable to cyber attacks. And you can imagine what the scenario would look like if a malicious cyber intruder were to get hold of a hospital’s entire grid system. This makes it essential for medical manufacturers and healthcare facilities to work closely together to minimize as much as possible the risk their patients are facing.

And while these security measures are being figured out, there are certain steps you can take to protect your data. Most importantly, always back up your records on an encrypted medical USB drive that is used for this purpose only. Another thing you can do is to make sure your healthcare provider has adopted the FTC Red Flags Rule, which is designed to prevent identity theft. And finally, don’t trust your medical bill blindly. Inspect each service carefully and call your insurer if you notice something odd.