Malware is a word the medical industry needs to become more familiar with.
The medical world is more tightly connected than ever before. We depend on technology the way we used to depend on a pen and paper. The primary difference is that pens and paper don’t have the ability to listen, record and potentially steal every piece of information associated with a patient’s care.
Malware is invasive software that includes viruses, worms, trojan horses, spyware, adware and one of the newer forms recently in the news, ransomware. If these weren’t enough, newer, more invasive forms of malware known as “bots” (short for robot) and advanced persistent threats (APTs) are becoming more numerous.
Think of malware as cancer, eventually killing the host. A bot and other less invasive forms of malware are more like a human virus: not necessarily designed to kill, but also not well designed to stay within the infected host long term. An APT, then, is a parasite, designed to infest the host over the long term. Bots and APTs allow an external host to invade, operate and/or search through a computer over a short (bot) or long (APT) period of time without being detected.
The health care system has become a relatively new target for hackers. Healthcare systems are made more vulnerable by their reliance on new and emerging technology and a relative naïveté regarding the exposure of those systems to hackers.
A recent example is MedStar Health, where computer systems were crippled by malware that took down their internet systems for days. This forced them back, if not into the stone age, certainly to the pen and paper age. Since then, MedStar has clarified that no patient records were compromised; however, intrusions into other systems have resulted in the loss, potential loss or compromise of personal health information (PHI).
Another serious concern is the question of whether MedStar was actually hit by ransomware. Ransomware is extortion, where a hacker will hold sensitive information for ransom. At MedStar, the FBI was investigating this very real concern.
A ransomware attack at Hollywood Presbyterian Medical Center in Los Angeles, CA, led to the hospital paying the equivalent of nearly $17,000 to regain access to crucial patient information. This is a small amount to pay; however, this is only the opening salvo in what is likely to be a protracted war on the medical industry, its PHI and other critical information. Extortion in amounts of millions of dollars is the bigger concern for the future.
Many, if not most, companies take varying degrees of a “big sky” approach to their concern with cyber attacks, i.e. “I’m only one small dot in a very big sky, limiting the likelihood of attack.” Certainly, some steps have been taken to provide security, but many times, due to the cost or the time involved, these measures are limited or incomplete.
Your hospital or imaging center may be taking significant steps towards making security a priority, but preventing direct attacks on your facilities can’t be your only focus. Attacks on partners with direct connections to your systems should also be an area of concern. Questions must be asked, including “How safe and secure are our partners?” and “Are our partners taking security as seriously as we are?”
An attack on one of your partners could be accompanied by concurrent attacks on your systems, as access points and weaknesses are probed and taken advantage of. Subsequent investigations of your partners may also involve investigations of your systems as points of access or of subsequent attack.
At Direct Radiology, we ensure all aspects of cybersecurity, prevention, detection, and response are addressed. All aspects of our systems are protected, 24/7. And all of our systems are fully HIPAA compliant.
Data transmitted to Direct Radiology using our OnePacs web server is encrypted. Encryption is performed with the Advanced Encryption Standard (AES) through a TLS-negotiated protocol. No unencrypted data is ever transmitted over the internet. Data at the OnePacs Data Center is stored in a physically secure location, protected by hardened network security and subject to 24/7 physical plant monitoring. Username and password authentication via SSL-encrypted web sessions is required to access any information in the OnePacs system. All accesses or attempts are logged in detail, including the user, time and date, the specifics of the accessed data and the originating IP address.
The medical world is more tightly connected than ever before. This is particularly true with your teleradiology provider. Ensuring your provider has the same level of concern for cybersecurity as you do needs to be a major point of discussion. At Direct Radiology, the security of our systems and your information is our highest priority.
About Direct Radiology
Direct Radiology is a national teleradiology practice with a proven track record of exceptional service, reliability and sustainable growth. The practice is owned and managed by radiologists and our radiologists have a stake in our success.
Our founders believe that the finest teleradiology coverage is built on high-quality, clinically-useful radiology interpretations and accessible, responsive physician leadership. Direct Radiology opened for business in January of 2012, and we have grown steadily. We now have over 35 radiologists and 30 support staff. We provide interpretations for approximately 180 hospitals, imaging centers, mobile imaging services, and physician offices around the country.
Call us at 855-687-7237 for more information about Direct Radiology and how you can move into the future with a radiologist-owned teleradiology solutions provider.