Security Problems
HACKER TYPOLOGY
-
HACKTIVIST
Motivated by political or ideological revenge
-
SCRIPT KIDDIES
Unskilled programmers using malware tools like CryptoLocker they can buy online
-
CYBERCRIMINAL NETWORKS
Often put lots of script kiddies to work
-
NATION-STATES
Sometimes the stolen data never gets used, and never reappears. One prevailing theory is they’re using the stolen data to model their own health systems.
-
2.3 million Americans every year are victimized by medical identity theft, most often by someone using their identity to get prescription drugs or medical services
-
43% of all identity thefts in the US were for fraudulent medical services
-
On the darknet, stolen medical data fetches 10x the price of stolen credit card data
-
81% of healthcare CIOs admit their organization has been compromised by cyberattacks
-
Average % of budget devoted to cybersecurity:
– finance & banking: 12%
– healthcare: 6%
ANATOMY OF A RANSOMWARE ATTACK
-
A cybercriminal network called Shadow Brokers steals hacking tools from the NSA, and releases them on the darknet to waves of script kiddies.
-
The NSA warns Microsoft that their operating system is at risk.
-
Microsoft releases a free patch to fix it in March of 2017—except those running old XP have to pay an expensive price.
-
The National Health Service in Britain, which uses XP and serves 50 million people, can’t afford Microsoft’s price.
-
May 2017: The “WannaCry” ransomware attack hits 104 countries, most notably the NHS of Britain. 48 health organizations have no access to testing equipment or patient information. Patients are sent home and surgeries postponed.
IS THE CLOUD SAFER?
Cloud systems are generally more secure, using redundancy and partitioning to limit the scale of any intrusions. However, cloud systems have been hacked, too. The weakest point of any data network is the human access. Even though data is encrypted, the decryption keys pass through a computer’s RAM, and at that point they can be accessed. The vulnerability of devices is so problematic, we will see a new branch of the FDA, responsible not for determining the effectiveness of a device, but for approving its security architecture.
ANONYMITY? UNLIKELY
Consumer data companies like LexisNexis Risk Solutions and Acxiom already have compiled thousands of data points on a majority of Americans. This data has been sold repeatedly, making it highly likely that medical data has been integrated with consumer behavior data.
SO WHAT’S THE ANSWER?
No system is entirely impenetrable. One solution: don’t make data safe—make it not worth stealing. New security systems based on the blockchain are so hard to crack that it would take supercomputers years to unlock the stolen data. They use tumblers to disperse data into fragments, so a patient’s medical record is not in one place. Companies like Blockchain Health and partnerships like MedRec (at MIT) are using blockchain on market segments like clinical research and pharmaceutical prescriptions to perfect their systems.
HAS THE BLOCKCHAIN BEEN HACKED?
Yes, Bitcoin cryptocurrency exchanges have been hacked. Twice. $118 million has been stolen. If you’re scared, you should be.