The independent newspaper of the University of Iowa community since 1868

The Daily Iowan
The independent newspaper of the University of Iowa community since 1868

The Daily Iowan
The independent newspaper of the University of Iowa community since 1868

The Daily Iowan
Top Stories
Doug Collins and the Receptionists bring country-pop sound to IC
Bill to cut dozens of Iowa’s boards and commissions headed to governor
Iowa Gov. Kim Reynolds signs law helping Boy Scout sexual abuse survivors
Politics Notebook | Iowa House lawmakers approve raise for statewide elected officials
Iowa football notebook | Coordinators update schemes, personnel, position battles
Advertisement

Health hack reaches IC

March 30, 2016
Cyber+security+concept+with+lock
Cyber security concept with lock

By Anis Shakirah Mohd Muslimin
[email protected]

As a national epidemic of health-care hacking goes local, network security experts say they anticipate the national trend of cyber attacks to continue to rise this year.

Iowa City’s Mercy Hospital is the latest victim in a stream of computer virus infections across the nation.

“One of the predictions we made in our 2016 predictions is that extortion is going to increase,” said Jon Clay, the senior global marketing manager at Trend Micro. “And this is a form of extortion, they are extorting organizations for ransom by encrypting files or making systems inaccessible. So we don’t see this diminishing any time soon.”

According to the Identity Theft Resource Center, the number of U.S. data breaches tracked in 2015 totaled 781, the second highest year on record since the ITRC began tracking breaches in 2005.

Clay said the high infection rates on organizations means it has been fairly easy for hackers to intercept different groups. He said a lot of the traditional technologies, such as emails, are being by-passed by these threats.

“The rise of ransomware attacks aimed at hospitals over the last several months indicate that cybercriminals are increasingly targeting patient information due to its valuable nature,” said Zubair Shafiq, a UI computer-science professor who does research on computer and network security.

According to a press release by Mercy Hospital, Mercy Iowa City notified affected patients on March 25 about a privacy breach that occurred on Jan. 26.

Mercy wrote it immediately took steps to secure the computer systems and began an internal investigation, including working with a leading forensics firm to assist with the investigation, the press release said.

Recently, Methodist Hospital, located in western Kentucky, came under a ransomware attack. Ransomware is a type of malware that restricts access to the infected computer system in some way. Hackers would demand the user pay a ransom to the malware operators to remove the restriction.

Hollywood Presbyterian Medical Center in Los Angeles was attacked on Feb. 5, the attack resulted in a two-week standoff, which ultimately ended with the institution paying a $17,000 ransom.

The most recent attack alongside Mercy was the March 28 attack on MedStar Health — a not-for-profit health-care organization in Washington. A virus attacked the computer network of the organization, forcing the medical network to shut down its online database. 

“It’s important that the vendor of the software fixes the bugs in the software as soon as possible.” Shafiq said. “Attackers hope they can launch attacks on software which have zero dead bugs.”    

Medical institutions are the current targets of cyber hackers because hospitals have information that is very important and valuable, such as electronic data, personal health information and financial data, Clay said.

The critical systems of hospitals, he said, also make it susceptible to hackers.

“Hospitals, governments, and financial-services organizations are ideal targets for the cybercriminal today because they house highly valuable personal and mission critical information,” said Michael Zofkie, the Midwest regional sales director of Comodo, a privately held group of security companies providing computer software and SSL digital certificates.

The bottom line is, Zofkie said, for IT departments to focus their shift from detection of a cyber attack to prevention of a cyber attack, which requires them to install modern, secure web gateways and advanced endpoint protection solutions that can stop malware and cyber attacks.

The need to comply with strict federal regulations such as HIPAA, Shafiq said, also makes it harder for medical institutions to change and update their software.

The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information.

“And remember all software are susceptible to attacks, there is no secure software,” he said. “So when people find out there are different bugs in a software, if they cannot quickly patch those software, it’s a problem.”
More to Discover
More in News
A crowd enters Brothers Bar and Grill on the Ped Mall in Iowa City on Thursday, April 4, 2024.
Iowa City bar crawls to raise money for charity foundations
The Johnson County Historic Poor Farm is seen in Iowa City on Thursday, April 18, 2024. The site will now be an annual field trip stop for ICCSD sixth graders.
Iowa City schools partner with Historic Poor Farm to teach students about agriculture
People play hopscotch on a pickleball court in downtown Iowa City on Thursday, April 18, 2024.
IC Downtown District builds pickleball court on Ped Mall for summer
© 2024 Student Publications, Inc. All rights reserved. • FLEX Pro WordPress Theme by SNOLog in