GTK (Shenzhen) Technology Co., Ltd.

Alarming data leaks in the medical industry: improving medical information security

Time: 2020-05-31

Recently, a cybersecurity report released by Verizon showed that worldwide, the medical industry is the only industry where internal threats are higher than external threats, and the leakage of medical data by internal practitioners has reached an alarming level.

According to the report, there are three main reasons why insiders leak information: the first is financial interest, such as tax evasion or using stolen information to open credit lines (48%); the second is spying on celebrities and their families out of curiosity or for entertainment (31%); and the third is simply that the information is within reach (10%).

Of course, in addition to "spies", another security hazard to medical information is hacking.

Statistics show that there were 15 major medical information leaks in the United States alone in 2017. It is conservatively estimated that a total of about 3 million pieces of patient information were leaked. In our country, this problem is equally serious. For example, in September 2017, Legal Daily reported that a hospital's service information system was hacked. More than 700 million pieces of citizen information were leaked, and more than 80 million pieces of citizen information were sold. In recent years, such security incidents have occurred frequently.

Medical data: a hot commodity for the black market

There is no doubt that medical data is of great value. The patient's name, age, residential address, telephone number, medical history, bank account and other information carry significant monetary value, which also makes medical data a prime target for illegal businesses.

Driven by factors such as interests, incidents of leaking information by "spies" in the medical system occur frequently. In addition, hackers have been eyeing this data.

In recent years, with the development of electronic medical records, hospital cloud adoption, and remote consultations, patient medical records and other information have gradually been converted to electronic form, and more and more personal health information has been connected to the Internet. Although this greatly improves convenience, it also increases the risk of patient information and data leakage.

First of all, medical staff's security awareness is relatively weak: a survey shows that 21% of internal staff said that they keep a written record of the user names and passwords for medical-related systems next to their computers; moreover, account sharing among medical staff is also very common. If a security incident occurs, it is difficult to trace it reliably to an individual;

Secondly, medical institutions are not strict enough in managing internal staff, which gives "spies" opportunities to exploit;

Thirdly, the security level of medical system accounts is low, making them easy targets for brute force, credential stuffing, phishing emails, Trojans, SQL injection and similar attacks. Hackers then steal medical data and resell it for profit, or even take control of the hospital's critical information systems and extort a huge ransom, seriously affecting the normal operation of the hospital.

The endless stream of security incidents always reminds us that the security line is the lifeline, and the first line of defense is identity authentication. According to the "2017 Data Breach Investigation Report" released by Verizon, 81% of data breaches are related to identity theft.

Therefore, it is urgent to improve the security of medical information systems. In addition to strengthening employees' security awareness, it is also necessary to improve the security of identity authentication through technical means, and to ensure reliable traceability and accountability to individuals.