In a recent edition of Electronic Design Europe my editorial column asks the question: "Are our medical records safe from hacking?" Recent news from Australia has answered the question: no, they are not.
Patient records held at an Australian medical centre have been infiltrated by hackers who have encrypted the data and are now demanding a ransom to decipher the files and return the content to its original form. The ransom demand is £2500, which is pretty small, but what this scam does is illustrate the ease with which this server attack was carried out.
There is, however, an unusual aspect to this hacking. Typically such attacks are enabled via a virus, but in this instance the medical centre had adequate antivirus software in place and is certain the attack was not the result of a virus. This was a straightforward hacking of the medical centre's server and subsequent encryption of medical data.
Keeping It Safe
This is just one of many major security concerns surfacing regarding the massive amounts of personal data being generated by electronically enabled health monitoring systems. How and where this data can be safely transmitted and stored are topical questions.
Cloud computing storage is an obvious answer. Industry experts generally agree that hacking into a Cloud is virtually impossible. So data would be safe. That's fine but what about getting the data to and from the Cloud?
This is where a major concern lies regarding patient privacy. We are all monitored when using our computer or mobile communications keyboards, but most of what we do, such as personal banking, is reasonably secure. However, the reality is that we are all subject to surveillance by our ISPs and companies like Google. These organisations monitor every keyboard move and this analysis is used to create data that can be employed commercially, for example to increase the effectiveness of marketing campaigns. But what if this surveillance is able to grab medical data and then relay it to insurance companies or to medical supply companies? The implications of this are worrying and could very well require Government legislation to ensure the protection of medical data from attempts to commercially exploit it.
Pay The Ransom
What about the ransom demand being made to the Australian medical centre involved in this latest example of medical record insecurity? Despite the best efforts of software experts to decode the illegal encryption, it looks like the ransom will have to be paid; a situation that could have been avoided if adequate encryption of the medical data had been employed in the first place.