Contrasting Healthcare Cybersecurity Risks Speculation with Reality

How Hackers Are Costing Hospitals Millions of Dollars and Possibly Hindering Wearable Medical Device and IoT Healthcare Innovations That Could Advance Patient Care

Medical Device Cybersecurity

In our last blog, we discussed an article, “Hackers Will Target Hospitals Like Never Before in 2017.” This time, we are again discussing an article with a big, scary headline that relates to hackers and healthcare cybersecurity—but with a twist.


The twist is that last week’s headline used the auxiliary verb “will” to speculate about potential cybersecurity risks, whereas this week’s past-tense headline reflects on the harsh realities and outcomes of those risks: “Hackers Hit 320% More Healthcare Providers in 2016 than in 2015, Per HHS Data.”


If indeed both headlines are accurate, then a certain logic dictates hackers will hit at least 321% more healthcare providers in 2017 than in 2016. But it’s not the numbers themselves that are most interesting; instead, what’s most interesting is where they came from: the U.S. Department of Health and Human Services.


HHS apparently takes hospital hacking pretty seriously, as illustrated in the article:


“$23,505,300 was paid to the HHS Office for Civil Rights in 2016 to resolve HIPAA violations that occurred at 13 provider organizations during 2012-2013.”


Obviously, HHS’ concern is for patient privacy—and violations are obviously costly…and presumably getting costlier. After all, if the average fine during 2012–13 was more than $1.8 million, and if the frequency of hacking continues to increase as expected, then presumably, HIPAA violations and the millions of dollars in fines will increase too.


Along with the unfortunate loss of privacy for some patients, there’s also the unfortunate economic reality involved in this: Somebody will have to pay, which usually means the customer (read: patients).


Extending this notion further, there’s also the economic impact on hospitals’ willingness to adopt new technologies—such as wearable medical devices and IoT healthcare devices—that require access to those same hackable networks and arguably make them more vulnerable. Not only does this hurt patients who might benefit if hospitals were more inclined to adopt wearables, but it also arguably slows innovation, which certainly does not benefit medical device designers and developers.


The article adds a point in this context:


“Risks are no longer just about loss or theft of data. The ransomware attacks of 2016 show how security incursions can restrict the availability of health data to providers, impacting their ability to deliver care.”


If there is a silver lining, it’s that healthcare and technological innovation are difficult forces to slow down. From the doctors who commit their lives to healing others to the medical device designers who thrive on making products better, faster, smaller, etc. for those doctors, one can hope that the good guys will continue to keep a step ahead of the bad guys. The pivotal factor, of course, is cybersecurity—a topic we’ve also been following closely in this blog.


However, as we said last week, this leads to the current technological Gordian knot in our industry: Digital security technologies like Blockchain can protect the good guys from the bad guys—but they can also make it harder to protect the good guys from the bad guys. Watch this space for more on this subject…



DeviceLab is an ISO-13485 certified medical device development company that has completed more than 100 medical device design projects of varying complexity—including medical device software development and wireless medical device design services for the newest breeds of medical IoT, mHealth and medical wearables.