News, Analysis, Trends, Management Innovations for
Clinical Laboratories and Pathology Groups

Hosted by Robert Michel

Phishing Remains Top Cyberattack Targeting Healthcare Organizations including Clinical Laboratories and Anatomic Pathology Groups

Clinical laboratories are particularly tasty targets for cybercriminals seeking the abundance of protected health information contained in patient electronic health records

Recent data from cybersecurity company Netwrix of Frisco, Texas, shows that 84% of healthcare organizations—including clinical laboratories and pathology groups—caught at least one cyberattack in the past year and “69% of them faced financial damage as a result.” That’s according to the company’s latest Hybrid Security Trends Report which notes that 24% of healthcare organizations are “fully cloud-based,” as opposed to just 11% of non-healthcare industries.

“Phishing was the most common type of incident experienced on premises, similar to other industries. Account compromise topped the list for cloud attacks: 74% of healthcare organizations that spotted a cyberattack reported user or admin account compromise,” the Netwrix report notes.

Phishing, where cybercriminals send fake emails and texts to unsuspecting employees that trick them into providing private information, continues to be one of the most prevalent cyberthreats experienced by healthcare organizations and often serves as the catalyst for much larger and more dangerous cyberattacks.

This is particularly dangerous in clinical laboratories where as much as 80% of protected health information (PHI) in patients’ electronic health records (EHRs) is laboratory test results and other personal medical data.

“Protected health information (PHI) is one of the most expensive types of data sold on darknet forums, which makes healthcare organizations a top target for cybercriminals,” said Ilia Sotnikov (above), security strategist and VP of user experience at Netwrix, in the report. Clinical laboratory patient electronic health records are particularly weighted toward PHI. (Photo copyright: Netwrix.)

Don’t Open That Email!

Typical phishing scams begin with innocent-looking emails from companies that appear to be legitimate and often contain language that implies urgent action is needed on the part of the user. These emails can be very convincing, appear to originate from reputable companies, and usually instruct users to open an attachment contained in the email or click on a link that goes to a known company website. However, the site is a fake.

Once the harmful file attachment is opened, users will be directed to download fake software or ransomware that attempts to capture the user’s personal information. When visiting a malicious website, consumers will often receive pop-ups with instructions for updating information, but the true purpose is to harvest personal data.

The federal Office of the Comptroller of the Currency (OCC) suggests the following guidelines for protecting oneself from phishing attacks:

  • Never provide any personal information to an unsolicited request.
  • If you believe the contact is legitimate, initiate a contact with the organization using verified data, usually via telephone.
  • Never provide any passwords over the phone or in response to an unsolicited Internet request.
  • Review any accounts, such as bank statements, often to search for any suspicious activity.

“Healthcare workers regularly communicate with many people they do not know—patients, laboratory assistants, external auditors and more—so properly vetting every message is a huge burden,” said IT security expert Dirk Schrader, VP of security research at Netwrix, in the report. “Plus, they do not realize how critical it is to be cautious, since security awareness training often takes a back seat to the urgent work of taking care of patients. Combined, these factors can lead to a higher rate of security incidents.”

Top 10 Brands Faked in Phishing Scams

Phishing emails often appear to be from legitimate companies to lull the recipient into a false sense of security. In a January 22 report, Check Point Research (CPR) announced its latest Brand Phishing Ranking for the fourth quarter of 2024. The report reveals the brands that were most frequently impersonated in phishing attacks by cybercriminals for the purpose of stealing personal information from consumers.

According to the CPR report, 80% of disclosed brand phishing incidents occurred within just 10 brands (listed below with each brand’s percentage of phishing attacks). They are:

The report also states that the 2024 holiday season saw a surge in phishing campaigns targeting popular clothing brands, including:

According to the report, fraudulent domains “replicated official websites to mislead shoppers with fake discounts, ultimately stealing login credentials and personal information. These fraudulent sites replicate the brand’s logo and offer unrealistically low prices to lure victims. Their goal is to trick users into sharing sensitive information, such as login credentials and personal details, enabling hackers to steal their data effectively.”

Steps Clinical Labs Can Take to Protect Patients’ PHI

Clinical laboratories and pathology groups can take precautions that minimize the risk of allowing cybercriminals access to their patients’ PHI.

“A core defense strategy is to minimize standing privileges by using a privileged access management (PAM) solution. Another is to implement identity threat detection and response (IDTR) tools to quickly block malicious actors using compromised credentials,” said Ilia Sotnikov, security strategist and VP of user experience at Netwrix, in the report.

The threat of phishing scams is a lingering issue that everyone in healthcare should be aware of, taking the necessary precautions to recognize such scams and prevent PHI from being stolen. Clinical laboratory management should constantly remind lab personnel and contractors to be vigilant regarding fake emails and texts from well-known brands that ask for private information.

—JP Schlingman

Related Information:

84% of Healthcare Organizations Spotted a Cyberattack within the Last 12 Months, and 69% of Them Faced Financial Damage as a Result

2024 Hybrid Security Trends Report

Microsoft is Identified as the Primary Target in Phishing Attacks, with Significant Shifts Observed in the Top 10 Rankings

Exploring Q4 2024 Brand Phishing Trends: Microsoft Remains the Top Target as LinkedIn Makes a Comeback

What is a Phishing Attack?

EU to Take Aim at Healthcare Cyber Threat

Mastering 2025: The Stakes Are High in Battling Cyber Threats

Phishing Attack Prevention: How to Identify and Avoid Phishing Scams

Report: 84% of Healthcare Organizations Identified a Data Breach Last Year

Healthcare Cyberattacks at Two Hospitals Prompt Tough Decisions as Their Clinical Laboratories Are Forced to Switch to Paper Documentation

Cyberattack Renders Healthcare Providers across Ascension’s Hospital Network Unable to Access Medical Records Endangering Patients

Change Healthcare Cyberattack Disrupts Pharmacy Order Processing for Healthcare Providers Nationwide

Smartwatch-based Fitness Apps Gaining Popularity Over Other Fitness Wearables such as Fitbit. Will This Affect the Data Clinical Laboratories See Streaming Their Way?

Consumer demand for health trackers combined with other smartwatch capabilities is driving a trend away from simple health trackers and toward more complex devices, such as the Apple Watch, for their more powerful capabilities

It is still an open question as to whether clinical laboratories will experience an onrush of patient test data streaming at them from healthcare consumer portals and mobile devices. The popularity of wearable fitness/medical technology has been widely touted in the media. Predictions have been that these devices—when coupled with smartphone and tablet applications (apps)—would generate substantial volumes of digital patient data that would be useful for medical laboratories to capture and add to the clinical lab test data of the patients they serve.

But will these predictions of a flood of data from wearable devices become reality? Is this a trend about which medical laboratories should be concerned? Recent statistics provide some insight into these questions. For example, the sales numbers for wearable devices are significant.

Smartwatches Gaining Ground in Wearable Fitness Market

In 2016, 102.4 million wearable devices were sold, which was a 25% increase over the previous year, according to Smart Insights, a publisher for marketers. Now, several sports apparel companies, such as Adidas and Under Armour, are either launching smartwatches with health/fitness-related software and activity trackers, or eliminating their digital fitness business units altogether.

And according to MobiHealthNews, “[today’s] landscape looks awfully different.”

“I think the industry is still struggling to find real, meaningful points of reference with consumers,” Dan Ledger, Principal and Founder, Path Collaborative, a Massachusetts consulting firm, told MobiHealthNews. “You hear anecdotes of people who had Fitbit (NYSE:FIT) and lost weight. But it hasn’t really been a success as a market product like a smartphone—like a lot of these companies were expecting when they were reading the tea leaves four or five years ago.”

For example, Adidas reassigned employees working in the fitness watch and sensor-enabled footwear departments to other areas, according to the Portland Business Journal. “We are integrating digital across all areas of our business and will continue to grow our digital expertise but in a more integrated way,” an Adidas spokesperson told Just-Style.

And, Nike announced its intention late last year to abandon the wearables market altogether. “It wasn’t authentic to who we were,” Jordan Rice, Senior Director of Nike NXT Smart Systems Engineering, told MobiHealthNews.

Meanwhile, Under Armour announced in 2017 that it planned to eliminate the UA HealthBox, a wearable device that offered a connected activity tracker, heart rate monitor, and smart scale tools, according to MHealth Spot. Instead, the publication reported, Under Armour was partnering with Samsung on fitness apps:

  • MyFitnessPal;
  • MapMyFitness;
  • Endomondo; and,
  • UA Record.

More Consumers Strapping on Smartwatches

Fitbit recently released the Fitbit Ionic Watch. According to Fitbit’s website, features include:

  • Personal coaching;
  • Heart rate monitor;
  • All-day activity tracking;
  • Sleep stages monitoring; and more.

The smartwatch may be the new “smart” way to go, compared to simple activity trackers. Smartwatch manufacturers are partnering with biometric monitoring app developers (such as Apple Watch and IBM Watson Health, shown above) to service consumers who need to monitor, capture, and distribute their critical health data. (Photo copyright: Alexey Boldin/Shutterstock.)

Consumer Reports, citing NPD Group market data, noted smartwatches are increasingly becoming the device-of-choice for consumers who gather fitness data. Besides tracking heart rate, some smartwatch apps also release notifications about accomplishment of goals, enable access to e-mail, and more.

Consumer Reports noted:

  • Smartwatches were used by 17% of US adults in the first quarter of 2015, and the remaining 83% in the demographic used activity trackers;
  • Smartwatch use jumped to 38% by the fourth quarter of 2017; and,
  • Smartwatches will rise to 48% of new market purchases by the fourth quarter this year.

Hardware is Hard

Fitness wearable devices have long been touted by the media for their potential to stream critical health data directly to physicians, to patients’ electronic health records, and to medical laboratories. Dark Daily foresaw in 2016 that, when paired with a smartphone or tablet computer, the momentum of the fitness wearables trend was substantial. For this reason, clinical laboratory managers and pathologists would want to stay current with these developments. However, today it appears companies offering wearable monitoring devices could be finding it more difficult than anticipated to capture the attention of consumers and leverage what the devices do.

In the end, sports apparel companies are not leaving the digital fitness space entirely, but simply adjusting to new consumer demands. Clinical laboratory leaders will want to keep watch on these developments as the trend evolves. The outcome could alter how patient data enters the pathology workflow.

—Donna Marie Pocius

Related Information:

Digital Marketing Strategy Wearables Statistics 2017

Sports Apparel Brands are All Walking Away from Fitness Wearables

Under Armour Kills the HealthBox Suite of Connected Devices

Adidas to Cut Digital Sports Division

Fitness Tracker or Smartwatch: Which is Best for You?

Improvements to Fitness Wearables Help Stream Data from Consumers Homes to EHRs and Clinical Pathology Laboratories

Physicians Use Fitness Trackers to Monitor Patients in Real-time, Even as Developers Work to Incorporate Medical Laboratory Tests into the Devices

Pathologists and clinical laboratory managers can expect that physicians will want to incorporate digital remote patient monitoring into their clinical practices

Swift advances in technology devoted to fitness-tracking devices used by consumers are creating opportunities for physicians to tap that data to remotely monitor their patients. These pioneering efforts show how even medical laboratory testing functions might eventually be incorporated in these fitness tracking products.

Of course, these devices were created for non-clinical functions. But they do allow doctors to get real-time looks at a patient’s vital signs outside of the traditional office visit. Using these consumer electronic devices for medical purposes is part of the larger trend of marshalling technology to produce better patient outcomes and reduce healthcare costs.