Fixing Hacks Has Deadly Impact on Hospitals

Published: 22/11/2024   Category: security




A study from Vanderbilt University shows that remediating data breaches has a very real impact on mortality rates at hospitals.



Breaches of private information in hospital records are serious and expensive security events, but remediating them can be deadly. That's the conclusion of a study presented last week at the 4A Security and Compliance Conference.
The data shows that the type and scale of a breach don't have an impact on patient outcomes but that breaches do have an effect, and it appears to come from the hospital's response rather than the attack itself. The effect is serious: mortality rates go up significantly.
Dr. Sung Choi, a post-doctoral fellow at Vanderbilt University, says that the study looked at a common metric available to researchers: the 30-day mortality rate from AMI (acute myocardial infarction), which is basically how many people who come through the hospital door because of a heart attack are still alive 30 days later.
The researchers chose that number because it's commonly collected and frequently used, which allows the impact of different factors, and the performance of different facilities, to be compared on a similar metric.
The 30-day mortality rate also allows for tracking a hospital's performance through time, and that's where this study gets very interesting.
The general 30-day mortality rate has been falling at a fairly consistent rate for at least the last five years, which is good news. But, according to the study, "The .34 to .45 percentage point increase in 30-day AMI mortality rate after a breach was comparable to undoing a year's worth of improvement in mortality rate."
Behind the Bad Number
There are two key findings in the study's working paper that are surprising from a computer security perspective. "The association between data breaches and AMI mortality rate did not differ significantly by the magnitude of the breach," the paper said. So the outcome wasn't significantly different whether there were 1,000 records hit or 500,000.
The second key finding contains an important caveat. According to the paper, "The relation between breaches and AMI mortality did not differ significantly by the type of breach." The caveat is the timing of the study's data; the last year included was 2015, before ransomware became a major malware issue.
Choi says this appears to point in the direction of a cause for the worsening mortality rate. "It's not the immediate effect of the breach but what happens afterward that has such an impact on the patients," he says. And the research paper begins to explore why that is so: "...regardless of the source the resulting discovery and mitigation of a breach can be viewed as a random shock to a hospital's care-delivery system."
(Lack of) Speed Kills
Healthcare IT systems may show that shock in slower and more disruptive change than those in other industries because they start from a relatively weakened position security-wise. "For the most part the healthcare industry, and especially the providers, has been a laggard for information security," says Larry Ponemon, founder and chairman of the Ponemon Institute.
When hospitals respond to a breach, the response tends to have a major impact on their legitimate users. According to Choi's research, "new access and authentication procedures, new protocols, new software after any breach incident is likely to disrupt clinicians."
That disruption is where the patient is affected, through inaccurate or delayed information reaching the people caring for them. And how much, in blunt terms, can that effect be? The study says an additional 34 to 45 deaths per 1,000 heart attack discharges every year.
Good and Bad on the Horizon
Choi says that hospitals should be careful to focus changes in their security processes, procedures, and technology to improve both data security and patient outcomes.
Ponemon sees healthcare organizations starting to improve in security. "We do see healthcare organizations starting to take care of security and rising to the next level of security. I think the public demands it," he says.
Two factors contribute to the improvement across the industry, he says. The first is the simple acknowledgement that doctors and hospitals are targets - an acknowledgement that was a long time coming. The next is the march of technology. "There are technologies that healthcare can now afford because they're available in the cloud and it provides the opportunities for healthcare security to improve," Ponemon says.
The improved security may come just in time to have an impact on a looming area of security concern: the medical IoT. "There's a universe of devices, many of which are implanted and many can be communicated with through WiFi or Bluetooth," Ponemon says. "Right now, the providers are looking at records but the devices are really an area of huge concern."