
Keeping Your Hospital Safe From Hackers and Malware

Many of us seldom think about who, or what, is watching us as we browse the internet. Many websites make use of cookies, which are snippets of code that help keep track of data such as passwords or shopping cart items while you browse the site. While cookies are mostly harmless, similar technologies can be deployed to mine your personal data and gain access not only to your personal accounts but also to your work accounts. Keeping your and your staff’s personal data safe on hospital medical computers is crucial to preventing system-wide hacks that can lead to extortion, or worse.

How Do Hackers Infiltrate Medical Computer Networks?

While it’s fun to think of hackers as super-smart, leather-trench-coat-wearing folks sitting behind multiple monitors smashing away at keyboards, the reality of hacking is that many hackers rely on their victims’ human errors. Phishing emails, short and easy-to-guess passwords, and outdated software can turn one medical computer on your network into a hacker’s playground.

 

  • Phishing emails are designed to look like legitimate emails, often giving the impression of being sent by a supervisor, IT, or even a friend. These emails typically give a long, contrived explanation as to why certain sensitive data needs to be sent to the phisher immediately. Users of medical computers who are not trained to detect such emails are lured in by the false urgency of the email, and send off their personal information without thinking about who it is going to.
  • There are many misconceptions about passwords, namely that having difficult, complex passwords is the best way to protect your data. While complexity is a factor in how hard a password is for hackers to guess, it often leads to personnel forgetting the passwords to their medical computers and having to constantly reset them.
  • Outdated software on your medical computers constitutes one of the easiest backdoors that hackers have into your network. Outdated software is susceptible because hackers have had more time to figure out how to hack into it, and can use the same method across multiple medical computers.

 

What Damage Can Hackers Do To Medical Computer Networks?

Simply put: it’s a hacker’s world, we’re just living in it. Charles Henderson, global head of IBM’s hacking unit X-Force Red, took to the stage at this year’s Black Hat cybersecurity conference and hacked an ATM, turning it into a cash dispenser in just a few minutes. If a computer exists, it can be hacked, and likewise your medical computers can be hacked. But it’s not just medical computers either: even pacemakers or insulin pumps can be hacked by nefarious folk.

 

While the prospect of patients’ life-saving apparatus suddenly being disabled by deviants is justifiably terrifying, most hackers aren’t out to cause such chaos. Instead, they are after one thing: money. Hackers have taken to infiltrating hospitals’ medical computer networks and locking down all files until a ransom is paid. This ransom takes the form of untraceable bitcoin, allowing the hackers to make a clean getaway without ever having set foot in your hospital. Hancock Health was forced to pay hackers $55,000 in 2018 in order to regain access to files that hackers had encrypted and held for ransom.

 

Preventing Medical Computer Hacking

It’s more than likely that your hospital would not like to pay hackers for access to your own medical computers. Preventing hackers from infiltrating your medical computer network is not as simple as we may like to think, but there are certain ways you can stay one step ahead of the dark web. 

  • Hold Trainings

The easiest way to prevent medical grade computer breaches is to train your medical staff to recognize the various ways that they are constantly under cyber-attack. Medical grade computers are hotbeds for attacks from all angles, such as phishing. There are multiple courses, as well as DIY seminars, that can teach your staff how to recognize phishing emails and how to handle them properly. Never ask your staff for any personal information via email, and inform them that any such requests will take place in person. The urgency suggested by phishing emails may cause staff to panic and forget to check who is sending them such emails, but if they know that supervisors would never ask for such information via email, they can handle the situation properly.
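The "check who is sending it" habit described above can be written down as a few mechanical checks on the message headers and wording. The following is an added example, not part of the original article; the domain `hospital.example`, the keyword lists and the sample message are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

HOSPITAL_DOMAIN = "hospital.example"   # hypothetical internal mail domain
ROLE_WORDS = {"it", "helpdesk", "supervisor", "administrator"}
URGENT = ("urgent", "immediately", "right away")
SENSITIVE = ("password", "login", "social security", "bank account")

# Constructed sample message, not taken from a real incident.
SAMPLE = """\
From: "IT Supervisor" <it.support@hospita1-example.test>
Reply-To: collect@mailbox-example.test
To: nurse@hospital.example
Subject: Urgent: account verification

Your account will be locked. Send your password immediately.
"""


def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def is_internal(domain):
    return domain == HOSPITAL_DOMAIN or domain.endswith("." + HOSPITAL_DOMAIN)


def phishing_signals(raw_message):
    """Return the reasons a message deserves a second look before replying."""
    msg = message_from_string(raw_message)
    name = parseaddr(msg.get("From", ""))[0].lower()
    sender, reply_to = domain_of(msg.get("From")), domain_of(msg.get("Reply-To"))
    body = " ".join(part.get_payload() for part in msg.walk()
                    if part.get_content_type() == "text/plain")
    text = (msg.get("Subject", "") + " " + body).lower()
    signals = []
    if not is_internal(sender) and ROLE_WORDS & set(name.split()):
        signals.append("role-style display name on an external address")
    if reply_to and reply_to != sender:
        signals.append("Reply-To points at a different domain")
    if any(word in text for word in URGENT):
        signals.append("urgent wording")
    if any(word in text for word in SENSITIVE):
        signals.append("asks for sensitive information")
    return signals
```

A visible From address can itself be forged, so these checks support staff training and mail-server sender authentication (SPF, DKIM, DMARC) but do not replace them.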

  • Better Passwords

Complex passwords are a good way of keeping your medical grade computers safe, but they lead to confusion and wasted time by staff trying to remember their logins. Try having your medical staff use passphrases to log in to their medical grade computers instead. Passphrases are simply long, easy-to-remember sentences that staff can use as a password for their medical grade computer that would take a hacker literal centuries to crack. An example would be using “thisismygreatpasswordthaticanremember” instead of “password”.
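To put rough numbers on the passphrase advice, the sketch below estimates how many guesses an attacker needs under three models: a common-password blocklist, word-by-word guessing, and character brute force. It is an added example, not part of the original article; the word list, blocklist, word-list size and guessing rate are all constructed assumptions.

```python
import string

# Constructed sample data: tiny stand-ins for a common-password blocklist and
# an attacker's word list. Real lists are far larger.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein"]
WORDS = {"this", "is", "my", "great", "password", "that", "i", "can", "remember"}
ASSUMED_WORDLIST_SIZE = 10_000          # assumption: words the attacker tries
ASSUMED_GUESSES_PER_SECOND = 10 ** 10   # assumption: fast offline guessing
SECONDS_PER_YEAR = 365 * 24 * 3600


def charset_size(secret):
    """Size of the ASCII character pool a brute-force search must cover."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation)
    size = sum(len(pool) for pool in pools if any(c in pool for c in secret))
    return max(size, 1)


def fewest_words(secret):
    """Fewest WORDS entries that concatenate to secret, or None if impossible."""
    best = [0] + [None] * len(secret)
    for end in range(1, len(secret) + 1):
        for start in range(end):
            if best[start] is not None and secret[start:end] in WORDS:
                if best[end] is None or best[start] + 1 < best[end]:
                    best[end] = best[start] + 1
    return best[len(secret)]


def guess_space(secret):
    """Guesses needed to exhaust the cheapest attack model that fits."""
    if secret.lower() in COMMON_PASSWORDS:
        return len(COMMON_PASSWORDS)              # blocklisted: tried first
    space = charset_size(secret) ** len(secret)   # character brute force
    words = fewest_words(secret.lower())
    if words is not None:                         # word guessing is cheaper
        space = min(space, ASSUMED_WORDLIST_SIZE ** words)
    return space


def years_to_exhaust(secret):
    """Whole years to try every guess at the assumed rate."""
    return guess_space(secret) // (ASSUMED_GUESSES_PER_SECOND * SECONDS_PER_YEAR)
```

The word-level figure treats each word as chosen independently from the list; a grammatical sentence is more predictable than that, so treat the result as an upper bound.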

  • Update Medical Grade Computer Software

If you haven’t updated your medical grade computer’s software in a while, the best time is yesterday. Medical grade computers have to run many different software packages, and while it may be a pain to keep every single one updated, it is crucial to your medical grade computer’s integrity.

 

There’s no one-size-fits-all solution to keeping your medical grade computer network safe. Only a trained and aware medical staff can help keep hacking risks to a minimum. Medical grade computers are only as capable as their users, and keeping your users informed is the best practice.