Feb. 22, 2023

In 2021, 66% of healthcare organizations were hit by ransomware, up from 34% in 2020 — a 94% increase over the course of a year.1 More than 590 organizations reported healthcare data breaches to the HHS Office for Civil Rights in 2022, impacting upwards of 48 million individuals. It is not a question of if but when you and your organization and patients might be affected.

As citizens of the 21st century, we spend much of our lives in cyberspace. This is not a physical space. Rather, it’s a construct with a given name: the virtual space in which near-instantaneous sharing of information occurs across global, interdependent networks of IT infrastructures and resident data.

Everyday items including cars, phones and refrigerators are also increasingly joining the so-called Internet of Things.2 Smart devices equipped with voice assistants like Apple’s Siri and Amazon’s Alexa listen in on us, and wearables and smartphones are constantly collecting information on us. Social media and digital networks dominate our professional profiles and personal/family connections. Our work lives occur on digital production systems. An increasingly remote workforce depends on cyberspace to conduct business.

However, cyberspace is also a playground for well-resourced for-profit criminal enterprises, “hacktivists” and nation-state actors pursuing malicious goals, including warfare. International codes of conduct are undefined, and the barriers to entry and competition for cybercriminals are very low; they benefit from an absence of accepted laws, agreements or governing protocols. As a result, any participant in cyberspace simultaneously benefits from and is vulnerable to this network.

The Human Factor

Most cyber incidents are related to human behavior: Human error often enables attacks. Behaviors such as the ever-increasing digital communication across multiple platforms and online shopping are being exploited. The convenience of the latter is correlated with our ever-increasing surrender of personal information, widely shared and stored with our permission. The infamous “one-click” acceptance of “cookies” and convoluted online terms for sharing data is often performed indiscriminately by naïve end users, opening the door to abuse.3 Phishing and SM(S)ishing attempts occur routinely to try to steal credentials for illicit purposes.

How does this impact healthcare? Our organizations render complex, human-based services. Many people of different levels of education and digital awareness work together to care for patients, under one roof and on the same network, from the front desk staff to the chief medical officer. Anyone can become the target of a cyberattack, wittingly or unwittingly. The resulting spread of malicious computer code can encrypt servers, data or both, which can cripple operations, leading to negative results including patient harm and financial losses.

Identity “Crisis”

Our access to sensitive systems, data and networks is typically tied to our role(s) and identity, requiring authentication. Identity spans personal and work life, so it has to be protected. The authentication step is an important point of vulnerability unless biometric or multifactor authentication (identity proof) is used.

Compromise may result, for example, from careless design and use of passwords or inappropriate response to phishing emails. The digital data-sharing technology that is designed to customize our many online transactions is easily exploited by cyber criminals. To make matters worse, we increasingly use the same devices for leisure and work. An unsecured device that is infected outside your organization and then physically connected inside it can allow criminals to gain access to your data.

A Digital Medical Specialty

Radiology is the first fully digital medical specialty! Everything is completely dependent on digital technology, from the acquisition of modern-day digital images and their interpretation to the dissemination of results to the point of care. Radiologists create, interpret and store large amounts of sensitive and valuable information. Hence, radiologists have a particular obligation to take cybersecurity seriously since their core mission is tied to it. Radiologists must consider business continuity planning a mission-critical activity to minimize patient harm in times of attack.

It takes a village to protect our organizations and patients from cybercrime. Don’t wait one more day to put a plan in place.

Author

Christoph Wald, MD, PhD, MBA, FACR, chair of the ACR Commission on Informatics
