News, Analysis, Trends, Management Innovations for
Clinical Laboratories and Pathology Groups

Hosted by Robert Michel


IT Experts Demonstrate How AI and Computer Microphones Can Be Used to Figure Out Passwords and Break into Customer Accounts

Clinical laboratories and pathology groups should be on the alert to this new digital threat; telehealth sessions and video conferencing calls particularly vulnerable to acoustic AI attacks

Banks may be the first to get hit by a new form of hacking because of all the money they hold in deposit accounts, but experts say healthcare providers—including medical laboratories—are comparably lucrative targets because of the value of patient data. The point of this hacking spear is artificial intelligence (AI) with increased capabilities to penetrate digital defenses.

AI is developing rapidly. Are healthcare organizations keeping up? The hackers sure are. An article from GoBankingRates titled, “How Hackers Are Using AI to Steal Your Bank Account Password,” reveals startling new AI capabilities that could enable bad actors to compromise information technology (IT) security and steal from customers’ accounts.

Though the article covers how the AI could conduct cyberattacks on bank information, similar techniques can be employed to gain access to patients’ protected health information (PHI) and clinical laboratory databases as well, putting all healthcare consumers at risk.

The new AI cyberattack employs an acoustic Side Channel Attack (SCA). An SCA is an attack enabled by leakage of information from a physical computer system. The “acoustic” SCA listens to keystrokes through a computer’s microphone to guess a password with 95% accuracy.

That’s according to a UK study published in IEEE Xplore, a journal of the IEEE European Symposium on Security and Privacy Workshops, titled, “A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards.”

“With recent developments in deep learning, the ubiquity of microphones and the rise in online services via personal devices, acoustic side channel attacks present a greater threat to keyboards than ever,” wrote UK study authors Joshua Harrison, MEng, Durham University; Ehsan Toreini, University of Surrey; and Maryam Mehrnezhad, PhD, University of London.

Hackers could be recording keystrokes during video conferencing calls as well, where an accuracy of 93% is achievable, the authors added.

This nefarious technological advance could spell trouble for healthcare security. Using acoustic SCA attacks, busy healthcare facilities, clinical laboratories, and telehealth appointments could all be potentially compromised.

“The ubiquity of keyboard acoustic emanations makes them not only a readily available attack vector, but also prompts victims to underestimate (and therefore not try to hide) their output,” wrote Joshua Harrison, MEng (above), and his team in their IEEE Xplore paper. “For example, when typing a password, people will regularly hide their screen but will do little to obfuscate their keyboard’s sound.” Since computer keyboards and microphones in healthcare settings like hospitals and clinical laboratories are completely ubiquitous, the risk that this AI technology will be used to invade and steal patients’ protected health information is high. (Photo copyright: CNBC.)

Why Do Hackers Target Healthcare?

Ransomware attacks in healthcare are costly and dangerous. According to InstaMed, a healthcare payments and billing company owned by J.P. Morgan, healthcare data breaches increased to 29.5% in 2021, costing over $9 million. And beyond the financial implications, these attacks put sensitive patient data at risk.

Healthcare can be seen as one of the most desirable markets for hackers seeking sensitive information. As InstaMed points out, credit card hacks are usually quickly figured out and stopped. However, “medical records can contain multiple pieces of personally identifiable information. Additionally, breaches that expose this type of data typically take longer to uncover and are harder for an organization to determine in magnitude.”

With AI advancing at such a high rate, healthcare organizations may be unable to adapt older network systems quickly—leaving them vulnerable.

“Legacy devices have been an issue for a while now,” Alexandra Murdoch, medical data analyst at GlobalData PLC, told Medical Device Network. “Usually big medical devices, such as imaging equipment or MRI machines are really expensive and so hospitals do not replace them often. So as a result, we have in the network these old devices that can’t really be updated, and because they can’t be updated, they can’t be protected.”

Vulnerabilities of Telehealth

In “Penn Medicine Study Shows Telemedicine Can Cut Employer Healthcare Costs by 25%,” Dark Daily reported a study conducted by the Perelman School of Medicine at the University of Pennsylvania (Penn Medicine) which suggested there could be significant financial advantages for hospitals that conduct telehealth visits. This, we projected, would be a boon to clinical laboratories that perform medical testing for telemedicine providers.

But telehealth, according to the UK researchers, may also be one way hackers get past safeguards and into critical hospital systems.

“When trained on keystrokes recorded using the video-conferencing software Zoom, an accuracy of 93% was achieved, a new best for the medium. Our results prove the practicality of these side channel attacks via off-the-shelf equipment and algorithms,” the UK researchers wrote in IEEE Xplore.

“[AI] has worrying implications for the medical industry, as more and more appointments go virtual, the implications of deepfakes is a bit concerning if you only interact with a doctor over a Teams or a Zoom call,” David Higgins, Senior Director at information security company CyberArk, told Medical Device Network.

Higgins elaborated on why healthcare is a highly targeted industry for hackers.

“For a credit card record, you are looking at a cost of one to two dollars, but for a medical record, you are talking much more information because the gain for the purposes of social engineering becomes very lucrative. It’s so much easier to launch a ransomware attack, you don’t even need to be a coder, you can just buy ransomware off of the dark web and use it.”

Steps Healthcare Organizations Should Take to Prevent Cyberattacks

Hackers will do whatever they can to get their hands on medical records because stealing them is so lucrative. And this may only be the beginning, Higgins noted.

“I don’t think we are going to see a slowdown in attacks. What we are starting to see is that techniques to make that initial intrusion are becoming more sophisticated and more targeted,” he told Medical Device Network. “Now with things like AI coming into the mix, it’s going to become much harder for the day-to-day individual to spot a malicious email. Generative AI is going to fuel more of that ransomware and sadly it’s going to make it easier for more people to get past that first intrusion stage.”

To combat these attacks, patient data needs to be encrypted, devices updated, and medical staff well-trained to spot cyberattacks before they get out of hand. These SCA attacks on bank accounts could be easily transferable to attacks on healthcare organizations’ patient records.

Clinical laboratories, anatomic pathology groups, and other healthcare facilities would be wise to invest in cybersecurity, training for workers, and updated technology. The hackers are going to stay on top of the technology; healthcare leaders need to be one step ahead of them.

—Ashley Croce

Related Information:

How Hackers Are Using AI to Steal Your Bank Account Password

A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards

AI Can Steal Passwords with 95% Accuracy by ‘Listening’ to Keystrokes, Alarming Study Finds

New ‘Deep Learning Attack’ Deciphers Laptop Keystrokes with 95% Accuracy

Can A.I. Steal Your Password? Study Finds 95% Accuracy by Listening to Keyboard Typing

Ransomware in Healthcare: What You Need to Know

Hospital 2040: How Healthcare Cybercrime is Predicted to Escalate

30 Crucial Cybersecurity Statistics (2023): Data, Trends and More

Penn Medicine Study Shows Telemedicine Can Cut Employer Healthcare Costs by 25%

Hospitals, Pathology Groups, Clinical Labs Struggling to Collect Payments from Patients with High-Deductible Health Plans

Challenges getting paid likely to continue as high deductibles make patients responsible for paying much more of their healthcare bills

Rising out-of-pocket costs for healthcare consumers is translating into increasing amounts of red ink for hospitals and healthcare providers struggling to collect bills from patients with high-deductible health plans (HDHPs). Clinical laboratories and pathology groups are unlikely to be immune from these challenges, as increasing numbers of patients with smaller healthcare debts also are failing to pay their bills in full.

That’s according to a recent TransUnion Healthcare analysis of patient data from across the country. It revealed that 99% of hospital bills of $3,000 or more were not paid in full by the end of 2016. For bills under $500, more than two-thirds of patients (68%) didn’t pay the full balance by year’s end (an increase from 53% in 2015 and 49% in 2014). The study also revealed that the percentage of patients that have made partial payments toward their hospital bills has fallen dramatically from nearly 90% in 2015 to 77% in 2016.

Increased Patient Responsibility Causing Decrease in Patient Payments

“The shift in healthcare payments has been taking place for well over a decade, but we are seeing more pronounced changes in how hospital bills are paid during just the last few years,” Jonathan Wilk, Principal for Healthcare Revenue Cycle Management at TransUnion (NYSE:TRU), said in a statement.

Millions of Americans are in high-deductible health plans. And, as the graphic above illustrates, that number has been increasing since the ACA was signed into law in 2010. (Graphic copyright: Reuters.)

While the Affordable Care Act (ACA) has increased the number of Americans receiving medical coverage through Medicaid or commercial insurance, TransUnion noted in its statement that hospitals still wrote off roughly $35.7 billion in bad debt in 2015. By 2020, TransUnion predicts that figure will continue to rise, with an estimated 95% of patients unable to pay their healthcare bills in full by the start of the next decade.

“Higher deductibles and the increase in patient responsibility are causing a decrease in patient payments to providers for patient care services rendered. While uncompensated care has declined, it appears to be primarily due to the increased number of individuals with Medicaid and commercial insurance coverage,” John Yount, Vice President for Healthcare Products at TransUnion, said in the TransUnion statement.

Collecting Patients’ Out-of-Pocket Costs Upfront

According to Reuters, hospitals in states that did not expand Medicaid under Obamacare have witnessed a more than 14% increase in unpaid bills as the number of people using health plans with high out-of-pocket costs increased. For hospitals in those states, HDHPs are impacting their bottom lines.

“It feels like a sucker punch,” declared Chief Executive Officer John Henderson of Childress Regional Medical Center, Texas Panhandle Region, in a Bloomberg Business article. “When someone has a really high deductible, effectively they’re still uninsured, and most people in Childress don’t have $5,000 lying around to pay their bills.”

A recent report from payment network InstaMed found that 72% of healthcare providers reported an increase in patient financial responsibility in 2016, a trend that coincides with a rise in the average deductible for a single worker to $1,478, more than double the $735 total in 2010.

In response to the increase in patient responsibility, hospitals and other providers are turning to new tactics for collecting money directly from patients, including estimating patients’ out-of-pocket payments and collecting those amounts upfront.

Hospital Systems Offer Patients Payment Options

Venanzio Arquilla is the Managing Director of the healthcare practice at The Claro Group, a financial management consultancy in Chicago. In an interview with Crain’s Chicago Business, he stated that hospitals are working overtime to get money from patients, particularly at the point of service.

“Hospitals have gotten much more aggressive in trying to collect at time of service, because their ability to collect on self-pay amounts decreases significantly when the patient leaves the building,” Arquilla noted. “You can’t say, ‘Give me your credit card’ to someone in the emergency room bleeding from a gunshot wound, but you can to someone going in for an elective procedure.”

Revenue loss due to unpaid medical bills among states that complied with Medicaid Expansion under the ACA has increased so dramatically, some hospitals are now offering patients prepayment discounts and no-interest loans to ensure payments. Clinical laboratories and anatomic pathology groups should develop strategies to respond to the increased collections from patients at the time of service. (Graphic copyright: Reuters.)

Richard Gundling, a Senior Vice President at the Healthcare Financial Management Association (HFMA), told Kaiser Health News that an estimated 75% of healthcare and hospital systems now ask for payment at the time services are provided. To soften the blow, some healthcare systems are providing patients with a range of payment options, from prepayment discounts to no-interest loans.

Novant Health, headquartered in North Carolina, is among those healthcare systems offering patients new payment strategies. Offering no interest loans to patients has enabled Novant to lower its patient default rate from 32% to 12%.

“To remain financially stable, we had to do something,” April York, Senior Director of Patient Finance at Novant Health, told Reuters. “Patients needed longer to pay. They needed a variety of options.”

Providers Must Adapt to New Patient Procedures

“Doctors need to understand the landscape has changed. A doctor’s primary concern used to be whether a patient had insurance. Now, it’s the type of insurance,” Devon M. Herrick, PhD, a Senior Fellow at the National Center for Policy Analysis (NCPA) in Dallas, told Medical Economics.

While clinical laboratories and anatomic pathology groups traditionally have not collected money directly from patients, Herrick says healthcare providers must accept that the rules of the game have changed. “Patients are more cost-conscious now. That means patients will question their physicians about costs for procedures,” he adds.

Dark Daily has advised clinical laboratories in the past to develop tools and workflow processes for collecting payments upfront from patients with high-deductible health plans (See, “Growth in High Deductible Health Plans Cause Savvy Clinical Labs and Pathology Groups to Collect Full Payment at Time of Service,” Dark Daily, July 28, 2014). Not doing so can amount to millions of dollars in lost revenue to the medical laboratory industry.

—Andrea Downing Peck

Related Information:

Bad Debt Is the Pain Hospitals Can’t Heal as Patients Don’t Pay

Out of More Pockets

Patients May be the New Payers, But Two in Three Do Not Pay Their Hospital Bills in Full

Feel Like the Hospital Is Shaking You Down Over that Bill? It Probably Is

The Seventh Annual Trends in Healthcare Payments Report Is Here

Doctors and Hospitals Say, ‘Show Me the Money’ before Treating Patients

Ballooning Bills: More US Hospitals Pushing Patients to Pay before Care

Growth in High Deductible Health Plans Cause Savvy Clinical Labs and Pathology Groups to Collect Full Payment at Time of Service

Higher Annual Deductibles and Co-Payments Cause Hospitals to Intensify Efforts to Collect Directly from Patients; Medical Laboratories Now Feel Similar Financial Squeeze

Because of Sizeable Deductibles, More Patients Owe More Money to Clinical Pathology Laboratories, Spurring Labs to Get Smarter about Collecting from Patients
