Are Cyberterrorists a Real Threat to Your Medical Data?

Harris Meyer


February 13, 2013

Physician practices, hospitals, and other healthcare organizations -- which already face growing theft of patient, physician, and employee data for financial gain -- are also vulnerable to potential cyberterrorist attacks by people, groups, or countries seeking to disrupt the US healthcare system, warn data security experts.

An article in Telemedicine and e-Health[1] says that healthcare organizations are at risk for attacks because they increasingly rely on computerized information; share sensitive data across multiple networks; use mobile devices; and are underprotected compared with other, less fragmented industries. Healthcare facilities report more hacking into their clinical data systems, including insertion of malware, denial of service attacks, and computer code attacks to steal or manipulate data, according to the article.

"Cyberterrorism is a growing concern for medical groups for an obvious reason: They are becoming more electronic," says Rob Tennant, senior policy adviser for the Medical Group Management Association (MGMA). "The bad news is that your typical medical practice doesn't have the type of expertise in-house to allow them to easily create a secure environment."

A 2012 survey of healthcare security professionals by the American National Standards Institute (ANSI)[2] found that 43% of those professionals thought state-sponsored cyberterrorist attacks pose a future threat, whereas 55% thought future attacks by malicious insiders are likely. Budget constraints, lack of executive leadership, and the evolving nature of security threats combine to make protection of healthcare data very challenging, these professionals said.

"Cyberterrorism and malicious destruction are not top-of-mind concerns for healthcare organizations," says Peter Yellowlees, MD, a psychiatry professor at University of California, Davis, who coauthored the journal article. "But the healthcare system is a soft target, and someone from overseas could introduce malicious [software] programs to alter data and reduce trust in the system."

There's no published evidence showing that domestic or foreign cyberterrorists are targeting US healthcare facilities, Dr. Yellowlees notes. The financial, military, electrical utility, and technology sectors are more likely to be targeted, many believe.