In four of the past five years, Texas health care providers have seen the highest number of cyberattacks of state in the country.
Experts are monitoring the role pacemakers and other implantable devices connected to a network might play in future attacks. Thus far, however, they believe individual patients face little danger from personal physical attacks from hackers.
Cyberattacks using implantable medical devices
For fear of an assassination attempt, Dick Cheney’s pacemaker was isolated from outside data for a while during his time as Vice President.
“You can imagine a crazed science fiction novel where someone tries to kill someone by hacking a pacemaker,” a professor at the University of Texas Health Sciences Center at Houston said recently.
“But there’s not a lot of incentive for hackers … unless that device is connected to a famous person like the leader of a country.”
But implanted or wearable devices are gradually turning into millions of networked computers, and concerns are rising that entire healthcare networks will become ever more vulnerable to hacking. Once in the network, hackers have multiple ways to make a profit.
They can steal health records. While a stolen Social Security Number goes for about a dollar on the black market, a medical record can fetch $1000.
They can also extort payments by seizing control of valuable digital assets, as when 16 hospitals in the UK were locked out of their patients’ records. Their emergency rooms were forced to divert patients to unaffected hospitals while the hackers demanded a ransom.
To date, wearers of pacemakers or other implantable devices have not been held hostage to ransomware attacks, a scenario reportedly fit only for science fiction.
Texas health providerslead nation in cyberattacks
We’ve not only had a larger number of hacking breaches than any other state in four of the past five years, we’ve also had more individual patient records stolen, representing 1.4 million people since 2014.
Officials say one explanation is that the second-most populous state can also be expected to rank high in total numbers of breaches and thefts. Our large size also means many smaller rural hospitals with very narrow business margins find it difficult to continually invest in cybersecurity.
A network is only as secure as its most vulnerable node, whether it be a rural hospital, a patient’s implantable device, or a careless keystroke at a big-city headquarters. Administrators, doctors, patients, cybersecurity experts and legal experts are watching and hoping Texas, this time, easily concedes second place to another state.