13 April 2016

Something else to lose sleep over, health data held for ransom

Data breaches have become as commonplace as men walking on the moon at the end of the Apollo program. They’ve become white noise, and people aren’t paying attention. Millions of personal credit records can be exposed, and it’s barely a blip on the evening news. The personal email of the CIA director has been hacked. Really?

First-generation cyber criminals followed a similar pattern when committing their crimes. Using some form of malware that was downloaded to a computer via email or website, they accessed sensitive data, such as personal credit information, including U.S. Social Security numbers. To complete the transaction anonymously, they downloaded a copy of the data by bouncing it off several servers around the planet and then sold that data on the dark internet using an electronic currency known as bitcoin. The recipient of this valuable information then committed fraud by creating as many transactions as possible before the account was shut down. In response to these data breaches, the custodians of our digits generously provided us with one year of credit monitoring.

From strips to chips
To decrease credit card fraud, credit card companies have recently begun replacing our traditional, magnetic-strip credit cards with so-called “chipped” cards, a practice that has been in place outside the United States for years. The user of a non-U.S. chipped card is given the opportunity to select a personal identification number (PIN). The merchant presents the card processing machine to the cardholder. (The card never leaves the sight of the cardholder.) The customer then enters his or her PIN, and the transaction is complete.

Until recently, the U.S. model did not provide this level of security, and most vendors still do not offer that protection. Instead, normal practice often required cardholders to relinquish possession of their cards for brief periods—your server taking your credit card to the register for swiping, for example. But even when your card remains in your possession—or sight—during a transaction, your personal data can still be acquired through the use of “skimming” technology. When installed in a transaction device—a gas pump, for example—a skimmer harvests data free of detection.

Now broadcasting from your credit card
Instead of protecting us, the chips that have been added to our credit cards now help criminals steal our data by accessing signals broadcast from those chips. Millions of dollars are being spent on migrating to chipped cards in the United States that are inferior and already outdated, compared to those used in other developed countries. Omission of a feature as simple as the ability to enter a PIN has made our data less secure.

Enter the second-generation cyber criminal. He or she is not a fraudster. No, they have taken the game to the next level. They kidnap data and hold it hostage. The software used by these evildoers is known as ransomware. Like malware, it is downloaded to your computer, as discussed earlier, but a ransomware virus, once downloaded, does not copy your data. Instead, it locks up your system, blocking access to its data and functions. To have your system unlocked, simply fork out a ransom—payable in bitcoin—as instructed by your infected computer.

The first report of a U.S. healthcare system being held hostage by ransomware recently hit the headlines—a full three days after it was reported in the international media, I might add. The victim hospital had to resort to using a paper-based system for more than a week. In the end, the hospital system reportedly paid the ransom, and their systems were freed. It is safe to say this will not be the last of this type of attack on healthcare systems and the valuable data they hold.

Questions in search of answers
Knowing that the evolution of most information technology systems in healthcare lags behind that of the banking industry, I shudder to think about the many difficult questions that lie ahead, all of which require innovative answers.

Have we reached the point in time when the client must be the custodian of his, her, or its own data? If so, what technologies will be used? Some PIN-driven smart card? What does this mean for system interoperability? What about amassing big data for research? Is the client responsible for any untoward outcomes resulting from the client not keeping records up to date? What about …? What about …? And what about …?

If the patient is not the custodian of his or her own health data and a healthcare organization is, is that organization liable for any untoward outcomes suffered by the client during a period when the client’s health data is unavailable? Is the healthcare system responsible for a more robust backup system than in the past? Is the healthcare system responsible for providing an updated copy of the client’s medical record at every encounter?

In the face of ever more innovative cyber threats, answers to these questions and many others will ultimately determine where the liability for security lies.

Your thoughts?

For Reflections on Nursing Leadership (RNL), published by the Honor Society of Nursing, Sigma Theta Tau International.