Medical Association President: Health Records Cyberattack Likely
The new board president of the American Medical Association, who works for a technology firm, says that there's a high risk of a Target-style attack on the medical industry. It's only a matter of when.
Most of the headlines about cybersecurity this year have focused on one easy target: Target.
The retail industry may be getting all of the attention these days, but a leading figure in the healthcare association space says that the medical industry should prepare for the day when its own infrastructures are under major attack.
American Medical Association Board President Robert Wah, MD, who was sworn in last month and also works as the chief medical officer of the technology firm CSC, says that insurers and medical facilities should prepare themselves for a breach on a scale similar to the one that affected millions of Target’s customers.
“What I think it’s going to lead to, if it hasn’t already, is an arms race between the criminal element and the people trying to protect health data,” Wah told Politico this week. “I think the health data stewards are probably a little behind in the race. The criminal elements are incredibly sophisticated.”
Part of the concern, the article notes, is that credit information is temporary—but medical records are not. Further, Wah explains, such financial information may actually be easier to gather from healthcare facilities than from retail locations.
“They’re seeking health records not because they’re curious about a celebrity’s blood type or medication lists or health problems,” he added. “They’re seeking health records because they can do huge financial, fraudulent damage, more so than they can with a credit card number or Social Security number.”
Lacking Patient Security
The AMA President’s warning is similar to one the FBI made a few months ago. In a notice acquired by Reuters in April, the bureau recommended that major healthcare firms spend more on cybersecurity, as medical information is considered more valuable on the black market.
“The healthcare industry is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely,” the notice stated.
And with falsified medical information harder to track than that of credit cards, protecting such information poses challenges that financial records do not. And that’s a major problem waiting to happen.
“I believe that we’re not talking about if there’s going to be a big data breach in health care, it’s going to be how many and when,” Wah said in his interview with Politico. “Because there already are a tremendous number of data breaches that are occurring in health care today.”