Photo - Michelle Ong, Fortinet's Country Manager for Malaysia.
Malaysia's healthcare sector is increasingly vulnerable to targeted malware attacks from hackers motivated by the black market value of patient data, said networking security specialist Fortinet.
Fortinet's Malaysia country manager Michelle Ong said cybercriminals were developing entire malware platforms that can be customised to attack healthcare organisations.
Ong said patient data was more valuable on the black market than credit card numbers because healthcare data was "detailed, rich, and full of information that cybercriminals can use for identity theft and fraud."
"The black market for patient data is up to twenty times more valuable than that for credit card data often stolen in retail breaches," she said. "More importantly, it takes far longer - can be up to a year or more - for patients to realise their information has been compromised."
"When a credit card is stolen, algorithms in the financial industry pick up unusual activity very quickly and systems often automatically provide protection. These same protections simply don't yet exist in healthcare," said Ong.
In a statement, Fortinet's cybersecurity team noted three primary vectors of a healthcare cyberattack:
- Traditional cyberattacks
These are the types of attacks that happen to all institutions, even if some are more likely to make headlines than others, continued the statement. The healthcare industry was particularly vulnerable because it lacked the built-in protections and underlying security mind-set of other industries.
- Connected medical devices
Today, everything from heart monitors to IV pumps can be networked, automatically interfacing with EHR [electronic healthcare record] systems and providing real-time alerts to healthcare providers. Most of these devices, as well as MRI [magnetic resonance imaging] machines, CT [computerised tomography] scanners and countless other diagnostic machines, were not designed with a security focus.
- Personal and home health devices
An increasing number of home health devices, mobile apps, wearables, and more are collecting and transmitting personal health information. Not only do these devices and apps potentially expose patient data (or at least fail to adequately protect it), but they also often interface directly with EHR and clinical data systems.
"The time to address healthcare security is not when medical record breaches start making headlines," said Ong. "The healthcare industry as a whole needs to be proactive and begin deploying systems with security baked in, protected at both the network and application levels."
"The stakes are simply too high to wait," she said. "The healthcare industry must be able to proactively secure patient data, devices and systems that make up the foundational technology infrastructure of patient care."