Banner

Article

How to tell if your practice has been hacked

Author(s):

Being hacked can create havoc in your practice and harm your ability to provide healthcare to your patients.

doctor on computer © DCStudio - stock.adobe.com

© DCStudio - stock.adobe.com

The biggest crisis facing your practice occurs when your healthcare records are stolen or hacked by a cyber thief. Being hacked can rain havoc on your practice and your ability to provide healthcare to your patients. Having your records stolen in a healthcare data breach can be a prescription for financial disaster for your practice and risk errors and mismanagement of your patients, ultimately affecting their health and well-being. This is the first article of a three-part series on cybersecurity. This first article will discuss learning that your data has been breached. The second article will discuss the process of getting your data back. Finally, the last article will discuss how to be proactive and make efforts to minimize the loss of your data to cyber criminals.

Suppose scam artists break into healthcare networks and grab your medical information. In that case, they can impersonate you to access medical services, use your data to open credit accounts, break into your bank accounts, obtain drugs illegally, and even blackmail you with sensitive personal details.

Theft victims often must spend large sums of money to fix problems related to having their data stolen. But security research firm Ponemon Institute found that healthcare identity theft victims spend nearly $13,500 dealing with the difficulty of retrieving the data from cyber criminals. It costs thousands of dollars per case to settle medical identity theft issues; on average, it takes around 200 hours to resolve.1

Your patients or the victims of healthcare data breaches may also be denied care, reimbursement by their medical insurers, canceled policies, or paying larger premiums to reinstate their insurance and suffer damage to their credit scores. There are nightmare stories where patients who have had their data stolen have been threatened with losing custody of their children, been charged with drug trafficking, found it hard to get hired for a job, or even fired by their employers.

Data breaches occur when hackers infiltrate the computer network of a doctor's office, clinic, hospital, medical lab, insurer, or other medical providers. In some cases, medical information is stolen by disgruntled medical workers, or the most common cause is careless office procedures and security.

This isn't a situation that occurs only in large practices and hospitals. Small practices and hospitals are at risk of losing data and medical records. Medical data is an attractive target for cybercriminals because healthcare data is more valuable than other commonly available personal data. Hackers have discovered that medical practices held hostage to hackers are willing to quickly pay the ransom to retrieve their data. While a stolen credit card number might be sold for a few cents, a patient's file is worth more than $250, according to Mariya Yao, Chief Technology Officer and Head of Research & Design at TOPBOTS, an artificial intelligence research firm.2

The number of thefts of patient medical data hit a new high last year—averaging more than one data breach per day—and it's not slowing down, according to the healthcare privacy firm Protenus. While 2017 saw 477 incidents in which medical records were stolen, more than 1.1 million patient records were stolen in 2021. Healthcare data breach costs increased from an average total cost of $7.13 million in 2020 to $9.23 million in 2021, a 29.5% increase. Healthcare organizations experienced the highest average data breach cost for the eleventh year in a row.3

A cyberattack can affect your bottom line and your patients' trust. The impact of a security breach can be broadly divided into three categories: financial, reputational, and legal.

Financial impact

Cyber-attacks often result in a financial loss arising from:

  • theft of patient information
  • theft of financial information (e.g., bank details or payment card details)
  • theft of money
  • inability to carry out transactions online
  • loss of patients-will seeking healthcare in other practices

Reputational damage

Trust is an essential element of the doctor-patient relationship. Cyber-attacks can damage your practice's reputation and erode your patients' trust in you and your practice. This, in turn, could potentially lead to the following:

  • loss of patients
  • loss of income
  • reduction in profits

The effect of reputational damage can impact your suppliers and vendors or affect relationships with partners, investors, and other parties doing business with your practice.

Legal consequences

Data protection and privacy laws require you to manage the security of all patient data you hold. If this data is accidentally or deliberately compromised, and you have failed to deploy appropriate security measures, you may face fines and sanctions.

Cybersecurity breaches have many consequences. Businesses may lose customers and revenue, tarnish their reputation and brand, or face litigation. Another concern is that various rules and regulations require companies to maintain baseline levels of cybersecurity. Companies are subject to significant fines, fees, penalties, and punitive consequences when a breach occurs because those levels are unmet. To fully understand cybersecurity risks, it's imperative to understand the applicable laws and penalties.

Health Insurance Portability and Accountability Act (HIPAA) and Cyber-security

This law applies to almost every organization that deals with medical information. The law establishes standards for how medical information is to be stored, accessed, and shared. Violations can result in expensive fines.

The fines are calculated based on the number of medical records exposed, ranging from $50 to $50,000 per record. Penalties are capped at $1.5 million annually, but practices and hospitals may receive the maximum fine for multiple years. In extreme cases, violators may even face prison time ranging from 1-10 years.

Discovering that you've been breached

Hackers don't announce their presence. The longer criminals can remain hidden on your network, spreading havoc as they go, the more damage they can do when they release their payload.

It can be challenging to tell if your practice has experienced a cybersecurity breach. Criminals use a variety of ways to avoid detection and stay in your system long enough to harvest as much data as possible. Sometimes, it can take months - often longer - to realize an attack has occurred. By that stage, it may have already caused a significant impact on your practice and your patients.

Cybercriminals try to cover their tracks, but there are a few signs you can look for:

  1. Sudden file changes — Software you haven't heard of unexpectedly installing, file name changes or other file tampering are signs you've been breached.
  2. Locked user accounts — Users locked out of their accounts, and not because they've tried their password too many times, can mean others have been trying to access them or, worse, that a hacker already has access to their credentials.
  3. Slow device and network performance — Systems compromised by attacks or with processing power harnessed for illicit purposes will slow down your processing or access to data.
  4. Antivirus "alerts" — You may receive fake pop-up notifications that are hard (at least for end users) to distinguish from the system alerts.
  5. External sources — Partners or outside organizations may have discovered and informed you of a breach. Unfortunately, by the time this happens, you've usually been breached for many months.
  6. System alerts — Of course, your existing security solutions may provide alerts. Paying attention to these alerts is important, although separating what's real from the noise can be challenging.

Breach detection tools (also known as intrusion detection tools) can help identify threats inside your network. Intrusion detection techniques and tools are used to discover and react against computer attacks. They are either software or hardware products capable of recognizing active threats and alerting relevant security staff that they need to act. Examples of intrusion detection tools include SNORT, OSSEC-HIDS, FRAGRUTE, METASPLOIT, and TRIPWIRE.

Intrusion detection systems (IDS) do as the name suggests: they detect possible intrusions. IDS tools aim to detect computer attacks or illegal access and alert the concerned people about the detection or security breach. An IDS installed on a network can be viewed as a burglar alarm system installed in a house. Though their methods are different, both detect when an intruder/attacker/burglar is present and subsequently issue some warning signal or alert.4

Bottom Line: As physician attrition, nursing shortages, and a global sense of burnout aren't enough to crumble an already exhausted healthcare industry, cybersecurity breaches have become an inescapable plague on the healthcare system. These breaches are now occurring more often. In the next blog, I will discuss how to retrieve lost or hacked data.

  1. Cost of Data Breach, https://www.ibm.com/reports/data-breach?utm_content=SRCWW&p1=Search&p4=43700072379268691&p5=p&gclid=Cj0KCQiA4aacBhCUARIsAI55maGbpZSXeHCMK5FlDZLU4gwg2JP2HV3Oyh5z5AawOTbi58igzqVeVrYaAhc1EALw_wcB&gclsrc=aw.ds
  2. Yao M. Common Misconceptions Brand Executives Have About AI. TOPBOTS, February 13, 2017. https://www.topbots.com/common-misconceptions-brand-executives-innovators-leaders-have-about-artificial-intelligence/
  3. Fabbri D. Hospitals Spend More After a Data Breach, But There is a Fix, February 22, 2021. https://www.securelink.com/blog/hospitals-spend-more-after-data-breach-but-there-is-a-fix
  4. Paul Innella and Oba McMillan, Tetrad Digital Integrity, LLC "An Introduction to Intrusion Detection Systems" December 6, 2001
Related Videos
Jay W. Lee, MD, MPH, FAAFP headshot | © American Association of Family Practitioners
Dermasensor