Digital Health Information and the Threat of Cyberattack (CRS Report for Congress)
| Release Date |
Sept. 19, 2016 |
| Report Number |
IF10473 |
| Report Type |
In Focus |
| Authors |
C. Stephen Redhead |
| Source Agency |
Congressional Research Service |
Summary:
The number of cyberattacks targeting sensitive health
information maintained by health care providers and health
plans has increased significantly in the past two years. This
trend is raising concerns about the vulnerability of
electronic health data. Cybersecurity experts predict that the
number of cyberattacks involving health information will
continue to grow because the data are so valuable.
Health information often contains a rich set of personal
identifiers. These can be used to create false identities for
various illegal purposes, including submitting fraudulent
insurance claims. Stolen health data fetches higher prices
than stolen credit card numbers, which can be quickly
deactivated.
Health care cybersecurity involves more than just
safeguarding patient data from medical identity theft. Many
hackers are now using ransomware to attack hospitals and
other health care facilities in an effort to extort money by
disrupting their daily operations. Ransomware is a type of
malicious software that prevents the victim from accessing
their data—usually by encrypting the data using a key
known only to the hacker—until a ransom is paid. By
denying a health care facility access to its own data,
ransomware attacks may put patients’ lives at risk.
Health care facilities also are concerned about the
cybersecurity of medical devices used to monitor and
support patients. Increasingly, such devices are connected
to the Internet and other networks.
