Hacker Reconnaissance of a Hospital Network

Abstract

Gone forever are the days when a patient was treated by a single physician. Today, a team of physicians and specialized medical technicians rely on complex medical equipment to diagnose and treat patients. This collaboration is made possible because electronic medical records (EMRs) securely store large amounts of medical and clinical information, which is exchanged electronically among healthcare entities by an industry-specific Medical-Grade Network (MGN). This medical information is susceptible to being stolen or held for ransom and malicious hackers can even take direct control of connected active and passive medical devices over the internet and injure patients. The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 provided financial incentives for Medicare and Medicaid providers who become "meaningful users" of EMRs. Among non-federal acute care hospitals, 76 percent were using a "basic" system by 2014. As of May 2015, more than 468,000 Medicare and Medicaid providers (87 percent) have received payments through the HITECH Act, totaling approximately $30.4 billion. 1 As seen in Figure 1-1 , as the implementation of HITECH Act expanded, so has the cost of data breaches at healthcare facilities in the United States. Electronic supplementary material The online version of this chapter (doi: 10.1007/978-1-4842-2155-6_1) contains supplementary material, which is available to authorized users.