Cybersecurity integration with healthcare

Introduction

Data threats are defined as attempts to access information through unauthorized access like the use of viruses and worms capable of performing specific programmed tasks. The networks that integrate make up the internet are not adequately protected hence the introduction of cybersecurity in technology to protect the information on the internet. The techniques involve protecting computers and networks from threats and attacks from unauthorized access where incidences are targeted at data exploitation. The occurrences sometimes deny users the services of accessing the system normally symbolized as DoS (Denial-of-Service) attack.

Cyber-attacks have advanced significantly from viruses, worms to Ransomware which holds users data for a price. A Worm is a malicious code that is installed and can replicate and spread to other devices with the aim of gaining access to the system. The Worms and viruses have become sophisticated, and the impact on the information technology industry has led to scaling up the data protection.

Cybersecurity in healthcare has faced a large number of attacks malware and ransom wares which aims at the victim’s extortion. The research aims to describe the history of the cybersecurity, the trends and the challenges facing it in healthcare that in turn affect the integrity of records. The healthcare society has been known to keep archives of patient’s details for decades, and with the invention of the computer, the record keeping has been digitalized. Through the growth of the internet, networking of hospital IT infrastructure has hastened service delivery through faster analysis of the patient’s records. Computers can organize the files into databases which are stored on the physical hard drive or the network. Doctors can get the medication history and illness progression of the patient through accessing the servers containing the hospital’s information with security procedures put in place to prevent intrusions, such as authentication with usernames and passwords.

History of Cybersecurity

The history of cybersecurity began in the late 1980’s with a self-propagating code created by Robert Morris who was recognized as the designer of the first computer worm (Reis, 2016). The worm locked users out of internet services and spread fast which resulted in closing down some regions using the web. Due to the type of attack majority complained of not accessing their information on the net. At the time networks had weak security measures since the technology was still at the beginning stages. Morris’s worm laid the foundations for the nature of viruses and malware as well as the varieties of security issues. IT professionals and network administrators worked to thwart similar attacks resulting from the birth of cybersecurity (Meeuwisse, 2017).

The effect of the Morris worm was not as devastating as it would be today due to the mass number of dependencies on the net. However, the subsequent attacks that trailed were first nuisance occurrences of having to cope with, and react to cyber-security attacks. These attempts eventually managed to build the security industry and the setting up of CERTs (Computer Emergency Response Teams) to act as a fundamental point for coordinating responses to emergencies (Julian, 2014). The result of the initiated security led to the increase of varieties in a list of detective and preventative security products.

In the Millennium years, the viruses dominated headlines especially with the ILOVEYOU virus that caused email failure across the world (Julian, 2014). The nature of the attack was compelling as forensics could not give the objective of the attack either the financial aspect of it. The threats led to the development of antivirus softwares which implemented a recognition pattern to identify the signature of the malware and protect the machines against attacks. It used a technique where the service is denied execution rights and flagged as a threat. The definition of the viruses’ signatures was frequently done to keep updated with the various forms of incidences. The healthcare industry formed panels such as The Presidents Health Information Technology Plan in 2004 to provide the electronic medical record (EMR) which implemented cybersecurity measures to protect against data theft.

The evolution of cybersecurity influenced the attackers through using targeted means rather than the previous records breaching motives. Security breaches occurred through the installation of malicious code in the gadgets frequently accessed by a lot of people. The hacking of this equipment through the help of the networks commonly referred to as the internet of things. In the millennial years, the nature of cyber-attacks has developed to be more equipment focused case in point the first instance of subsequent information breach of credit card numbers. Gradually data related hacks became frequent, and between 2005 and 2007, for example, information theft is done by Albert Gonzalez a fraudster masterminded in criminal activity which resulted to the theft of data from at least 45.7 million payment cards (Reis, 2016).

Challenges Facing Cybersecurity

The current information structures such as hospital management systems run essential duties like Patient Health Information (PHI) in a hospital are designed with the current threats in consideration. Some of the challenges that face internet security technology are related to healthcare since IT has been fused in the healthcare sector for more efficient uses.

Hacking

Hacking involves the exploitation of weaknesses in a network to gain access to the device. In hacktivism; cybercriminals get into computer systems for social or political reasons not necessarily profit oriented. Moreover, if the attack is carried out successfully the damage reported is severe than other types of threats due to the hacker’s nature aiming to get recognition publically. The hack usually damages the organization’s reputation through obtaining valuable information and leaking it to the public. Cybersecurity in healthcare has faced several cases of hacktivism like the ILOVEYOU virus of the millennium period were the motive for the hack was not clear (Julian, 2014).

The present has also been faced with recordable instances where cybersecurity has been challenged in such by hackers through efforts to outdo each other. Case in point the theft of 40 million credit, and debit cards which were done in the late 2000s at a busy department store known as Target. The hack was massive and given the term “The Target breach (Reis, 2016)”. The scale of the attack was complex compared to the TJX since from a technical point of view, the hackers’ needs took an unplanned route via installing a third party service of heating and ventilation supplier to Target. The hackers used code developed for the specific Point of Sale (PoS) system installed at the target to collect credit card information at the precise moment the card was unencrypted and gets the figures for own manipulation (Meeuwisse, 2017).

The Internet of Things (IoT)

McAfee estimations predict that by the year 2020, 4.5 billion devices shall be connected to each other and thus making work easier (Koret & Bachaalany, 2015). The control of devices could be fatal in some instances as it is a lucrative market for hackers, for example, in healthcare, an insulin pump or a heart monitor is a device connected through a network and controlled by the patient to monitor blood sugar levels or heart rate. In case a hacker was to hack the insulin pump and change the dosage, then the patient health it at risk. The hacking techniques also tend to lean towards the motor industry where control of cars can be done through a laptop and specific code to start stop or cause motion case in point jeep grand Cherokee cars. McAfee researched some products retailed in 2017 stating some may contain backdoors installed for the lawbreakers to use as leverage (Julian, 2014).

Social Engineering

Cyber threats in the form of social design is a significant challenge as it works with human engineering skills. The aim of a hacker to use social abilities to obtain valuable and confidential information such as emails, usernames, and passwords as well as even phone numbers to assume the victim’s identity. Phishing is a commonly used technique in social engineering that acquires prized information for malicious individualistic purposes like money laundering. The method uses a bait in various forms like attractive emails, ads, and media with embedded malware (James & Wong, 2016). Email spoofing is the most used type of social engineering skill and prompts the user too often input individual data at a counterfeit website which is identical to the genuine one, and the only variance is the URL. However, efforts to cope with the rising number of described phishing incidents include legislation, public awareness, user training, and technical security procedures (James & Wong, 2016).

Cybersecurity Trends in Healthcare

The evolution of technology has resulted in specific trends in cybersecurity that show the nature and effects of attacks. The healthcare industry has evolved to having Patient Health Information (PHI) exchange points being accessed through mobile phones and stored on cloud servers. Regarding hospital information, the hub centralizes the smaller clinics and stores all the information to their physical repositories and also cloud storage (Julian, 2014). The environment is protected by encryption technologies which make the data secure. However, trends indicate that, due to the increased usage of the cloud, it is likely to face security problems.

Hospitals’ repositories face substantial data transfers daily, and those with a shared cloud service become unstable and insecure based on increased demands. Networked database systems can assist in offering offside backups that can support in the event of failure and ensure no data loss. Companies should cultivate a specific security principle and strategies for private and communal cloud usage and apply robust decision model to relate consistency to the risks associated.

Advancements in mobile technology have also resulted in cell phone related malware. The trend focuses on smartphone users who perform the majority of their tasks using the handset such as money-related transactions and social media management. For Android and IOS users the number of threats has increased to 8.5 million installed malicious code and has tripled the capacity in 2015 and 2016 (James & Wong, 2016). Cybercriminals exploit the weaknesses in smartphones and can be able to target any device connected to the internet. Trojans and mobile Ransomware trends have increased significantly and focused on hospital portals that use mobile access to get PHI.

Digital ecosystems require safety in information transmission, dependability, and privacy as part of the cybersecurity strategy. The direction of security requires the systems administrators to manage the information flow since some directly affect the individuals and the responsibility for the data should be handled through sealing the breaches that could cause data leaks. Healthcare sector has also been subjected to the data breach trends with results such as the Bronx-Lebanon Medical Center being exposed over ten thousand records due to a misconfigured data backup from a vendor (Reis, 2016). The impact led to severe infringement of doctor- patient’s privileges with high profile patients exposed ruining their reputation.

The cybersecurity trends evolve with complexity and breadth of the data systems and the National Health Service in England and Scotland faced the challenge of WannaCry Ransomware denying services to doctors who needed to use the records to treat patients. In 2017 another related attack was carried out on ABCD Children’s Paediatrics in San Antonio affecting individuals more than 55,000 patient’s records. The data contained dates of birth, medical histories, insurance billing information, social security numbers, and more. The healthcare industry magnitudes resulted to network professionals paying close consideration to cybersecurity (Meeuwisse, 2017).

The Future of Cybersecurity in Healthcare

Teamwork and communication allow investments in cybersecurity to grow and awareness creation should be the principal task in curbing threats on the network. According to reports carried out in the recent past indicate that over 90% of the breaches were preventable if the owners took simple data securing measures such as using unique and complex passwords to authenticate instead of a simple passkey. Approximately 30% was due to employee faults by who maliciously or accidentally left the system vulnerable caused by lack of proper laid internal controls, for example, logout procedures and workstation etiquette (Reis, 2016). An estimated two-thirds of the employees had malicious intentions while the rest were inadvertent actors who accidentally allowed attackers to access information. Organisations result in measures of dealing with internal threat factors such as data monitoring to prevent malicious transmission of data by employees which may pose a threat to the management systems of the hospital (James & Wong, 2016).

In future, collaborations and solidarity among software vendors should be upheld to develop tight security systems from design to the physical implementation. With more systems being developed that can calculate the success margin of a company, detect fraud and automate the user’s experience, developers should take into account the parameters of previous breaches and seal the hot zones in the design process (Koret & Bachaalany, 2015). Therefore to prevent future machine learning attacks based on repeated patterns, the architecture of the system should be changed during updates. McAfee predicts that machine learning will be used to identify high-value organizations that fraudsters can implement their malware. A deficiency of investing in cybersecurity results in more expensive consequences in cleaning up data breaches.

Conclusion

The research paper shows the various challenges that cybersecurity faces in healthcare since the creation of the Morris worm to date when corporations and government institutions store their data in the cloud. Ransomware like WannaCry has taken the new trend in using denial of service (DoS) attacks affecting systems for financial gain. The evolution of the mobile Trojans, phishing techniques, malware, and viruses have played a significant role in influencing data management across over the internet. Progress in cybersecurity has been being made through the creation of antiviruses. Nevertheless, a good deal needs to be done especially in healthcare where patients’ lives are on the line. In portraying the risks associated with lack of reliable security the research depicts that through stirring awareness, users can prevent some kinds of attacks like installing an antivirus to thwart phishing which could be in the form of emails from untrusted sources or fake websites prompting users input.

References

James, C., & Wong, A. (2016). Cybersecurity Threats Challenges Opportunities. 50 Carrington Street: ACS Publishing.

Julian, T. (2014, Dec 4). Defining Moments in the History of Cyber-Security and the Rise of Incident Response. Retrieved from Info Security: https://www.infosecurity-magazine.com/opinions/the-history-of-cybersecurity/

Koret, J., & Bachaalany, E. (2015). The Antivirus Hacker’s Handbook. Indianapolis, IN:: John Wiley & Sons Inc.,

Meeuwisse, R. (2017). Cybersecurity for Beginners: History to Present Day. Hythe: Cyber Simplicity,

Reis, D. (2016). Cybersecurity: Issues of Today, a Path for Tomorrow. Bloomington: Indiana Archway Publishing.