Who Knows Where That USB Stick Has Been?

Human nature being what it is, curiosity often gets the better of us. Finding random USB sticks brings out that inquisitive quality. After all, they’re small and cute and how dangerous could they be? Here is your warning: Hackers intentionally leave USB sticks where they can be found – offices, parking lots, classrooms, retail stores, you name it. Once inserted into a device – look out. The answer to “what’s on them?” is often “malware” – which is now downloaded onto your device. Surprise – now you know! If you’re at work, simply bring the USB stick to the IT department for further investigation. If you’re on your own and curiosity is rearing its quizzical head, your best bet is simply tossing it in the trash.

Chance USB sticks are just one of several concerns that a recent report by HIMSS (Healthcare Information and Management Systems Society) finds as a security threat to healthcare systems. The HIMSS is a non-profit organization dedicated to information technology and management systems to improve the quality of healthcare. Using technology to improve healthcare safety, cost-effectiveness, and quality is what they’re all about and the vulnerabilities of these systems is a huge concern.

Healthcare is one of the biggest targets for hackers, sometimes holding entire hospitals, devices, and patient records for ransom. A report by the US Department of Health and Human Services finds 477 healthcare breach incidents were reported in 2017, affecting over five million patient records. With this in mind, the HIMSS “June Healthcare and Cross-Sector Cybersecurity Report” investigates several weak spots in healthcare data systems and how to avoid them.

Cybersecurity experts believe the next wave of vulnerability and attacks come from API’s (Application Programming Interface). API’s are often used to build software applications and their integration allows access between apps and services. Healthcare, like many businesses, relies heavily on them to integrate services. Many contain malware and other vulnerabilities just waiting to be exploited. Those using API’s to create apps and software need to be hyper-aware of what exactly is in the API, so it doesn’t end up being a threat to healthcare and other organizations.

Protenus’ Breach Barometer 2017 reports 41% of hacked healthcare information was done by employee error or intention. It’s a troubling mix of employee misconduct and outside hackers plaguing industry data security. It also finds insider-error affected 785,281 patient records. Those are errors that could have been easily avoided – as simply as an employee not opening email from senders they don’t know. If they’re accidentally opened, they should never click on any attachments.

Educating employees about hacking and its methods could end up saving lives. The healthcare industry and its patients are counting on them to be cyber-smart.