Cybersecurity in radiology, from RSNA 2016.
It’s almost become old hat. Another year, another electronic data breach. You might not be surprised anymore, but you should still be worried. Not only is the number of patients affected when a health care facility is infiltrated growing, but the types of cyberattacks are also changing.
And according to industry leaders at RSNA 2016, health care isn’t paying close enough attention to how best to handle the problem.
“Health care IT security has the wrong mission and the wrong approach,” said James Whitfill, MD, chief medical officer for Scottsdale Health Partners. “It’s focused on medical records and compliance. It’s not worried about events. Regulations have been the only motivator, and it’s a lousy one. Regulations don’t work well because they only protect against the most unsophisticated attacks.”
The Threat
Over the past year, health care has seen an uptick in a new type of cyberattack called Ransomware. This attack infiltrates your system through an innocuous-looking email and installs software behind the scenes to encrypt data. Once it controls all your information, the system is locked, and hackers demand payment to release it.
More and more hospitals are falling victim, Whitfill said, and the problem is two-fold. Not only is your patients’ private health information – including diagnostic images – in jeopardy, but you’re also prevented from providing care because you can’t access medical records or any other programs.[[{"type":"media","view_mode":"media_crop","fid":"55302","attributes":{"alt":"James Whitfill, MD","class":"media-image media-image-right","id":"media_crop_6603239845501","media_crop_h":"0","media_crop_image_style":"-1","media_crop_instance":"6921","media_crop_rotate":"0","media_crop_scale_h":"0","media_crop_scale_w":"0","media_crop_w":"0","media_crop_x":"0","media_crop_y":"0","style":"height: 170px; width: 170px; border-width: 0px; border-style: solid; margin: 1px; float: right;","title":"James Whitfill, MD","typeof":"foaf:Image"}}]]
If you don’t pay to have your hijacked system unlocked, he said, it could be sold to the highest bidder. On the black market, the medical record for one patient costs approximately $50. Multiply that by the number of patients seen at a typical hospital, and the price tag balloons. Some electronic medical record databases can sell for more than $100,000.
Breach Impact
In the past, financial gain was the main impetus for stealing health data, Whitfill said. It could either be sold for identity theft, used for extortion among celebrities or politicians, or used for fraudulent billing. The danger has grown, though, to include attacks on public health.
It’s now possible for nation states and terrorists to gain access to large swaths of private health care data. The information could be used for both targeted and untargeted attacks.
This type of data breach is particularly dangerous because it grinds your ability to provide care to a halt. You can’t perform any diagnostic studies, and if the shutdown continues for an extended time, that could put patients’ lives at risk, he said.
Protecting Yourself
Once Ransomware infects your system, there’s virtually no way to uninstall it yourself. So, your priority must be preventing infiltration, Whitfill said. Unfortunately, it’s getting harder to identify the fraudulent emails hackers use to gain access to your records. The best defense might be to trick your own employees in the name of education.
“One of the primary things you can do is educate your employees by sending out your own false email to see who clicks on them, and then go talk with these folks,” he said. “The days of issuing the general warnings of ‘Don’t click on things that look funny,’ are over. These things are very difficult to figure out.”
As radiologists, you can help protect your institutions, though. Take and support anticipatory steps to lead the charge:
1. Assume you’ll be hacked at some point, and keep an eye out for any tracks that can show you how it happened.
2. Make the case for keeping your security and IT departments separate. They have different goals and should operate independently.
3. Don’t allow any unprotected USB devices to be used in your network.
4. Consider keeping your patient information on a separate network from any other information you use in your practice.
AI Facilitates Nearly 83 Percent Improvement in Turnaround Time for Fracture X-Rays
December 19th 2023In addition to offering a 98.5 percent sensitivity rate in diagnosing fractures on X-ray, an emerging artificial intelligence (AI) software reportedly helped reduce mean turnaround time on X-ray fracture diagnosis from 48 hours to 8.3 hours, according to new research presented at the Radiological Society of North America (RSNA) conference.
The Reading Room: Artificial Intelligence: What RSNA 2020 Offered, and What 2021 Could Bring
December 5th 2020Nina Kottler, M.D., chief medical officer of AI at Radiology Partners, discusses, during RSNA 2020, what new developments the annual meeting provided about these technologies, sessions to access, and what to expect in the coming year.
Can an Emerging PET Radiotracer Enhance Detection of Prostate Cancer Recurrence?
December 14th 2023The use of 68Ga-RM2 PET/MRI demonstrated a 35 percent higher sensitivity rate than MRI alone for the diagnosis of biochemical recurrence of prostate cancer, according to research recently presented at the Radiological Society of North America (RSNA) conference.
RSNA 2020: Addressing Healthcare Disparities and Access to Care
December 4th 2020Rich Heller, M.D., with Radiology Partners, and Lucy Spalluto, M.D., with Vanderbilt University School of Medicine, discuss the highlights of their RSNA 2020 session on health disparities, focusing on the underlying factors and challenges radiologists face to providing greater access to care.
Can AI Improve Detection of Extraprostatic Extension on MRI?
December 4th 2023Utilizing a deep learning-based AI algorithm to differentiate between diagnostic and non-diagnostic quality of prostate MRI facilitated a 10 percent higher specificity rate for diagnosing extraprostatic extension on multiparametric MRI, according to research presented at the recent RSNA conference.
Study: Regular Mammography Screening Reduces Breast Cancer Mortality Risk by More than 70 Percent
November 30th 2023Consistent adherence to the five most recent mammography screenings prior to a breast cancer diagnosis reduced breast cancer death risk by 72 percent in comparison to women who did not have the mammography screening, according to new research findings presented at the annual Radiological Society of North America (RSNA) conference.