Game of 'cat and mouse': Hacking attacks on hospitals for patient data increase during coronavirus pandemic
On the day before the July 4 holiday weekend, Mount Auburn Hospital's information technology team identified some unusual activity. Alarmed, they quickly took steps to disconnect the Cambridge hospital's computer system from the internet. They switched to backup manual procedures instead of automatic ones.
No patient data was compromised, and the Harvard-affiliated hospital continued its normal operations, according to hospital officials.
Such attempted attacks are a daily – if not hourly – occurrence at America's hospitals. And they don’t always end as well as Mount Auburn’s did.
More than 80% of medical practices have been the victims of cyberattacks, according to a national survey. Over half reported patient safety concerns from the hacks, and 20% said that their business had been interrupted for more than five hours.
“That can be the difference between life and death,” said Wendi Whitmore, a cybersecurity expert and vice president of IBM X-Force, a commercial security research team.
And the situation has only gotten worse during the months-long coronavirus pandemic, as more employees switched to working from home, and medical facilities were cash-strapped and stretched thin because of COVID-19.
Between March and April, IBM saw a 6,000% increase in spam attacks on information technology systems, leveraging COVID-19, many of them at health care facilities, Whitmore said, describing the situation as a continuous “cat and mouse” game between criminals and institutions.
Whitmore said there’s been a huge increase in security incidents in recent months, climbing about 75% in North America and 125% in Europe and the Middle East.
Seattle Children’s, for instance, saw a doubling of attempted hacking attacks in March, specifically phishing emails, hunting for someone on the staff who would click on a malicious link and allow malware into the health system's network, said Gary Gooden, chief information security officer at the Washington-based health system.
The reason: Hackers can make a lot of money. Globally, cybercrime adds up to billions of dollars a year, Gooden said.
Stealing a credit card number might be useful for only a day or two, until the person realizes it and cancels their card. But an electronic medical record is far more valuable.
The FBI reported in 2014 that a stolen credit card or even social security number was worth just $1 on the black market, while an electronic health record would fetch about $50 – $1,000 if it belonged to a celebrity or public figure.
Electronic health records, according to the FBI report, can “be used to file fraudulent insurance claims, obtain prescription medication, and advance identity theft.” Health record theft also is more difficult to detect, taking almost twice as long to recognize as normal identity theft, the report found.
Stealing a newborn or toddler’s electronic health record is even more prized, Gooden said, because thieves are rarely caught. “You have a free run for 18 years to utilize these personas.” They also try to steal the identities of children who die at the hospital, hoping they won’t get caught, he said.
Cybersafety requires eternal vigilance
To protect against these ever-changing approaches, Gooden said, hospitals and medical facilities “have to constantly pivot and stay ahead of the curve in terms of technology and practices.”
Whitmore agrees. She advises institutions to require multi-factor authentication – using a cellphone to corroborate a person's identity – warn staff about spam, back up their most critical information offline, and encrypt patient information.
“It’s about installing a series of tripwires that allow organizations to detect when there are attacks against their environment,” she said. “That buys us time.”
But every medical institution is vulnerable.
“You have to be eternally vigilant,” Zick said. “As long as we’ve got an open internet that is highly unregulated, that’s the downside.”
There’s not much an individual can do to protect their own medical information, Zick and others said, except trust their health care providers to do it for them.
Zick requests his medical file periodically to ensure he has access to his own records if they were ever lost for good. And he said if he saw a provider acting carelessly with his data – such as not using two-factor authentication – he would offer them some free advice.