News, Analysis, Trends, Management Innovations for
Clinical Laboratories and Pathology Groups

Hosted by Robert Michel


IT Experts Demonstrate How AI and Computer Microphones Can Be Used to Figure Out Passwords and Break into Customer Accounts

Clinical laboratories and pathology groups should be on the alert to this new digital threat; telehealth sessions and video conferencing calls particularly vulnerable to acoustic AI attacks

Banks may be the first to get hit by a new form of hacking because of all the money they hold in deposit accounts, but experts say healthcare providers—including medical laboratories—are comparably lucrative targets because of the value of patient data. The point of this hacking spear is artificial intelligence (AI) with increased capabilities to penetrate digital defenses.

AI is developing rapidly. Are healthcare organizations keeping up? The hackers sure are. An article from GoBankingRates titled, “How Hackers Are Using AI to Steal Your Bank Account Password,” reveals startling new AI capabilities that could enable bad actors to compromise information technology (IT) security and steal from customers’ accounts.

Though the article covers how the AI could conduct cyberattacks on bank information, similar techniques can be employed to gain access to patients’ protected health information (PHI) and clinical laboratory databases as well, putting all healthcare consumers at risk.

The new AI cyberattack employs an acoustic Side Channel Attack (SCA). An SCA is an attack enabled by leakage of information from a physical computer system. The “acoustic” SCA listens to keystrokes through a computer’s microphone to guess a password with 95% accuracy.

That’s according to a UK study published in IEEE Xplore, a journal of the IEEE European Symposium on Security and Privacy Workshops, titled, “A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards.”

“With recent developments in deep learning, the ubiquity of microphones and the rise in online services via personal devices, acoustic side channel attacks present a greater threat to keyboards than ever,” wrote UK study authors Joshua Harrison, MEng, Durham University; Ehsan Toreini, University of Surrey; and Maryam Mehrnezhad, PhD, University of London.

Hackers could be recording keystrokes during video conferencing calls as well, where an accuracy of 93% is achievable, the authors added.

This nefarious technological advance could spell trouble for healthcare security. Busy healthcare facilities, clinical laboratories, and telehealth appointments could all potentially be compromised by acoustic side channel attacks.

“The ubiquity of keyboard acoustic emanations makes them not only a readily available attack vector, but also prompts victims to underestimate (and therefore not try to hide) their output,” wrote Joshua Harrison, MEng (above), and his team in their IEEE Xplore paper. “For example, when typing a password, people will regularly hide their screen but will do little to obfuscate their keyboard’s sound.” Since computer keyboards and microphones in healthcare settings like hospitals and clinical laboratories are completely ubiquitous, the risk that this AI technology will be used to invade and steal patients’ protected health information is high. (Photo copyright: CNBC.)

Why Do Hackers Target Healthcare?

Ransomware attacks in healthcare are costly and dangerous. According to InstaMed, a healthcare payments and billing company owned by J.P. Morgan, healthcare data breaches increased to 29.5% in 2021, costing over $9 million. And beyond the financial implications, these attacks put sensitive patient data at risk.

Healthcare can be seen as one of the most desirable markets for hackers seeking sensitive information. As InstaMed points out, credit card hacks are usually quickly figured out and stopped. However, “medical records can contain multiple pieces of personally identifiable information. Additionally, breaches that expose this type of data typically take longer to uncover and are harder for an organization to determine in magnitude.”

With AI advancing at such a high rate, healthcare organizations may be unable to adapt older network systems quickly—leaving them vulnerable.

“Legacy devices have been an issue for a while now,” Alexandra Murdoch, medical data analyst at GlobalData PLC, told Medical Device Network. “Usually big medical devices, such as imaging equipment or MRI machines are really expensive and so hospitals do not replace them often. So as a result, we have in the network these old devices that can’t really be updated, and because they can’t be updated, they can’t be protected.”

Vulnerabilities of Telehealth

In “Penn Medicine Study Shows Telemedicine Can Cut Employer Healthcare Costs by 25%,” Dark Daily reported a study conducted by the Perelman School of Medicine at the University of Pennsylvania (Penn Medicine) which suggested there could be significant financial advantages for hospitals that conduct telehealth visits. This, we projected, would be a boon to clinical laboratories that perform medical testing for telemedicine providers.

But telehealth, according to the UK researchers, may also be one way hackers get past safeguards and into critical hospital systems.

“When trained on keystrokes recorded using the video-conferencing software Zoom, an accuracy of 93% was achieved, a new best for the medium. Our results prove the practicality of these side channel attacks via off-the-shelf equipment and algorithms,” the UK researchers wrote in IEEE Xplore.

“[AI] has worrying implications for the medical industry, as more and more appointments go virtual, the implications of deepfakes is a bit concerning if you only interact with a doctor over a Teams or a Zoom call,” David Higgins, Senior Director at information security company CyberArk, told Medical Device Network.

Higgins elaborated on why healthcare is a highly targeted industry for hackers.

“For a credit card record, you are looking at a cost of one to two dollars, but for a medical record, you are talking much more information because the gain for the purposes of social engineering becomes very lucrative. It’s so much easier to launch a ransomware attack, you don’t even need to be a coder, you can just buy ransomware off of the dark web and use it.”

Steps Healthcare Organizations Should Take to Prevent Cyberattacks

Hackers will do whatever they can to get their hands on medical records because stealing them is so lucrative. And this may only be the beginning, Higgins noted.

“I don’t think we are going to see a slowdown in attacks. What we are starting to see is that techniques to make that initial intrusion are becoming more sophisticated and more targeted,” he told Medical Device Network. “Now with things like AI coming into the mix, it’s going to become much harder for the day-to-day individual to spot a malicious email. Generative AI is going to fuel more of that ransomware and sadly it’s going to make it easier for more people to get past that first intrusion stage.”

To combat these attacks, patient data needs to be encrypted, devices updated, and medical staff well-trained to spot cyberattacks before they get out of hand. These acoustic side channel attacks on bank accounts could be easily transferable to attacks on healthcare organizations’ patient records.

Clinical laboratories, anatomic pathology groups, and other healthcare facilities would be wise to invest in cybersecurity, training for workers, and updated technology. The hackers are going to stay on top of the technology, so healthcare leaders need to be one step ahead of them.

—Ashley Croce

Related Information:

How Hackers Are Using AI to Steal Your Bank Account Password

A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards

AI Can Steal Passwords with 95% Accuracy by ‘Listening’ to Keystrokes, Alarming Study Finds

New ‘Deep Learning Attack’ Deciphers Laptop Keystrokes with 95% Accuracy

Can A.I. Steal Your Password? Study Finds 95% Accuracy by Listening to Keyboard Typing

Ransomware in Healthcare: What You Need to Know

Hospital 2040: How Healthcare Cybercrime is Predicted to Escalate

30 Crucial Cybersecurity Statistics (2023): Data, Trends and More

Penn Medicine Study Shows Telemedicine Can Cut Employer Healthcare Costs by 25%

Despite Technical Challenges During COVID-19 Pandemic, Healthcare Networks Plan to Increase Investment in Telehealth Technologies

Survey shows more than 50% of hospitals and health systems plan to increase virtual care services within two years, a development that can change how patients access clinical laboratory testing services

If anything positive came out of the COVID-19 pandemic, it’s the growing acceptance by physicians and health payers of telehealth—including telepathology, teleradiology, and other types of virtual doctor visits—as a way for patients to meet with their physicians in place of in-office healthcare.

In earlier coverage about the rapid adoption of telehealth and virtual doctor visits, Dark Daily has observed that this trend creates a unique challenge for clinical laboratories. If the patient has a virtual consultation with his or her physician, how would a clinical laboratory get access to this patient to do a venipuncture and collect the samples necessary to perform the medical laboratory tests ordered by the physician?

Additionally, the path forward in telehealth may have other barriers to overcome. In “The Pandemic Made Telemedicine an Instant Hit. Patients and Providers Feel the Growing Pains,” Kaiser Health News (KHN) suggested that virtual office visits may not have been as easy for patients as news headlines made them appear to be.

Nevertheless, according to multiple reports, healthcare providers are planning to increase investment in telehealth technologies.

Disparate Technologies Led to Technical Difficulties for Virtual Healthcare Providers

The terms telemedicine and telehealth are often used interchangeably. However, according to the American Academy of Family Physicians (AAFP), there are subtle differences worth noting.

Telehealth is a broad term which refers to “electronic and telecommunications technologies and services used to provide care and services at-a-distance [while] telemedicine is the practice of medicine using technology to deliver care at a distance.

“Telehealth is different from telemedicine in that it refers to a broader scope of remote health care services than telemedicine. Telemedicine refers specifically to remote clinical services, while telehealth can refer to remote non-clinical services,” the AAFP notes.

Kelly Lewis, former Vice President of Revenue Strategy and Enablement at telehealth provider Amwell, told Healthcare IT News (HIT News) that “the COVID-19 pandemic caused telehealth adoption to skyrocket.”

However, “Because much of this adoption was driven out of an abundance of necessity, there was little time for organizations to think strategically about their technology investments,” she added.

“With urgency at a high, payers, provider organizations and clinicians all turned to the quickest options available so patients could continue to get care. The result, however, was what we are calling platform ‘sprawl’—the use of a number of disparate solutions that are leading to a confusing and frustrating care delivery system and experience.”

Nevertheless, according to a survey conducted by HIT News and HIMSS Analytics, “More than half (56%) of hospital and health system leaders say they are planning to increase their investment in telemedicine during the next two years.” This “shows that the huge surge in and mainstreaming of telehealth during the ongoing pandemic has caused the C-suite and other healthcare leaders to embrace the technology that has for so long existed on the periphery of medicine,” HIT News noted.

“The clear message is that telehealth is here to stay and will continue to expand,” Lewis told HIT News, adding, “The majority of payers without virtual care offerings also reported planning to add them in the next 24 months.”

“Clinicians agree that moving toward a fully integrated telehealth platform would be beneficial. More than 80% believe investing in a fully integrated virtual or hybrid care system would have a positive impact on clinical outcomes and patient experiences,” Kelly Lewis (above), former VP at telehealth provider Amwell, told Healthcare IT News. Considering the growing demand for telehealth, pathologists and clinical laboratories will need a strategy for supporting virtual healthcare providers. (Photo copyright: Healthcare IT News.)

The HIT News/HIMSS Analytics survey findings suggest telehealth will transition as providers aim for “smart-growth” instead of “pandemic-fueled expediency,” Becker’s Hospital Review reported.

Survey respondents expressed positive attitudes about telehealth:

  • 56% of healthcare leaders plan to increase investment in virtual care over the next two years.
  • 80% of respondents rated integrating with existing workflows, fast video connections, and reducing administrative burden as “very” or “extremely” important telehealth factors.
  • 77% called telehealth platform integration with the electronic health record (EHR) “very” or “extremely” important.
  • 80% envision positive clinical outcomes and patient experiences from a fully integrated telemedicine platform.
  • 75% of payers said a single digital platform has potential to streamline member experiences.

Investors Eye Telehealth

Healthcare providers are not the only organizations mining telehealth’s potential. Worldwide telehealth investments grew to $5B in the second quarter of 2021. This represented a 169% increase from the same time in 2020, reported an American Hospital Association Center for Health Innovation Market Scan that covered a CB Insights report, titled, “State of Telehealth Q2’21 Report: Investment and Sector Trends to Watch.”

“With telehealth visits stabilizing at roughly 10 times pre-pandemic levels, digital transformation initiatives are rising across the field. As a result of the pandemic, 60% of healthcare organizations are adding new digital projects, with telemedicine becoming a higher priority for 75% of executives (vs. 42% in 2019) to improve the patient experience,” the AHA reported.

As Dark Daily covered in “Cigna Subsidiary Evernorth Acquires MDLIVE as Demand for Telehealth Grows Among Insurers and Healthcare Consumers,” the COVID-19 pandemic has elevated virtual care into the mainstream, creating opportunities to increase access to care, including clinical laboratory testing, and drive down healthcare costs.

Medical laboratories and anatomic pathology groups are advised to keep pace with the changing healthcare landscape which increasingly puts a premium on remote and virtual visits. This has become even more critical as healthcare providers and investors infuse more capital into telehealth technology.

As physicians expand telemedicine virtual office visits post-pandemic, a clinical laboratory strategy to reach patients and acquire specimens will be required.

—Donna Marie Pocius

Related Information:

The Pandemic Made Telemedicine an Instant Hit. Patients and Providers Feel the Growing Pains

New HHS Study Shows 63-fold Increase in Medicare Telehealth Utilization During Pandemic

Most Provider Organizations Boosting Telehealth Investments, Survey Finds

Amwell Industry Telehealth Survey Paints Picture of an Integrated Streamlined Digital Care Future

Insights From Amwell’s 2021 Survey of Health Plans, Hospitals and Health Systems, and Clinicians

Telehealth Investment Shifts Signal Market Maturity

CB Insights: Telehealth Trends 2021

Cigna Subsidiary Evernorth Acquires MDLive as Demand for Telehealth Grows Among Insurers and Healthcare Consumers
