ONLINE identity thieves earn 10 times as much on the black market from hacking personal medical data as they do from credit card details, reveals an online safety expert in Spain.
Guillermo Fernández of WatchGuard Iberia says the healthcare industry, both the private and public sector, is 'sorely lacking' in internet security measures and is a long way behind in preventing cyber-attacks.
And hackers who manage to get into personal medical information to sell to online criminal organisations can earn a fortune through their efforts – vastly more than they can for stealing email and online banking passwords or credit card information.
Health services rely too heavily on 'out-of-date firewall systems', Fernández says.
“The medical industry has evolved towards a digital world, increasing its online connections and exposing itself to a huge quantity of new attacks – and its internet security often lags behind its technology,” the IT engineer explains.
“Healthcare software, old and new alike, needs to be thoroughly examined to check for security defects and updated constantly to mitigate future risks.
“Medical industry terminals can be 'patched up' to temporarily solve their known safety weaknesses, just as corporate and personal computers can be. Additional layers of complete defence and deep-level security are necessary practices to help to protect networks and equipment.
“For example, advanced firewall services such as those which fight malware and prevent intrusions at entry points to the internet should be considered as a minimum.”
Fernández warns about accessing confidential patient information on a mobile phone.
“Whilst this is a very comfortable and convenient method, it can put the patient's own security at risk,” he stresses.
The software engineer recommends never choosing the 'remember password' option on healthcare computer systems, and ensuring that two separate factors – such as a username and password, rather than just one or the other – are needed to access them.
“That way, if a hacker gets hold of the password, he or she won't be able to enter the system without a username, and vice-versa,” Fernández concludes.