ArrowArtboardCreated with Sketch.Title ChevronTitle ChevronIcon FacebookIcon LinkedinIcon Mail ContactPath LayerIcon MailPositive ArrowIcon PrintIcon Twitter

How safe are your medical records from viruses?

A dentist in Tokyo consults with a patient. More patient information is being stored digitally.

TOKYO -- Hospitals have always had to be careful about the spread of infections. But in this modern era of networked healthcare, the danger of viruses has taken on new meaning. Threats from both opportunistic computer viruses and deliberate cyberattacks are part of the new reality.

     Patient charts and other important personal information are now being entered into computers, instead of being written down. At the same time, computer networks are now linking hospitals with local pharmacies and households to provide more medical services to patients at home.

     All of that is good for improving the efficiency of healthcare, but digital records make information more susceptible to hacking.

''White hat'' hacker

Building a bulwark of protective security measures is fast becoming a matter of life and death. One company helping hospitals defend themselves from cyberattacks is IT venture Eyes, Japan in Fukushima Prefecture.

     By acting as a ''white hat'' hacker  -- an ethical hacker -- probing for holes in hospitals' networks, the company wants to help programmers develop security software for medical institutions.

     Eyes, Japan checked for weaknesses in four kinds of software programs used by medical institutions. It discovered 39 holes in the defense where hackers could steal or alter data and gain control remotely.

     Of those gaps, 27 concerned medical records for prescriptions and health insurance claims. Another 11 were related to MRI and other medical imaging devices, and one involved the total healthcare system.

     Large hospitals, such as those affiliated with universities, have implemented strict protocols for handling private patient information. Their networks are closed systems cut off from the Internet, "but even they are vulnerable to attack," said Eyes, Japan President Jun Yamadera.

Danger on our doorstep

More hospitals are introducing tablet computers that connect wirelessly to the hospital server. Those devices are convenient to use, but all a hacker needs to do to steal personal patient information is park outside a hospital and hack its Wi-Fi network.

     If a staff member's personal tablet is unknowingly infected with a virus and that device is connected to a hospital computer, the virus could then spread around the entire hospital.

     It is also not hard to imagine somebody deliberately sticking a USB memory device into a hospital computer to steal information. "The danger is there on our doorstep," said Yasunori Yamamoto, an Oracle Japan executive officer.

     Japan's hospitals have not faced any serious attacks yet, but if the U.S. is any example, it may be just a matter of time. Having started digitizing medical records earlier than Japan, the U.S. is now dealing with unintended consequences. At the start of the year, for example, the country's second-largest health insurer, Anthem, was hacked, putting the records of 80 million people at risk.

     The global healthcare industry was the largest single victim of data breaches in 2014, accounting for 37%, according to the U.S. security software company Symantec. Hackers resold the stolen health data.

     Medical devices themselves are also at risk. In a report released in March, Intel Security Group -- previously known as McAfee -- predicted cybercriminals might begin exploiting vulnerabilities in medical devices to cause harm, for example by "forcing an insulin pump to overdose a patient or instructing a heart implant to deliver a deadly jolt of electricity."

     In Japan, financial institutions and other large corporations are fortifying their defenses against cyberattacks. But medical institutions are a different story. "They are naive," said Eiji Sasahara, a member of the board of the Healthcare Cloud Initiative.

Business opportunities

The very unpreparedness of Japan's healthcare industry creates business opportunities for those who can help it strengthen its defenses against cyberattacks.

     Deloitte Tohmatsu Consulting, a risk-management consultancy, began a service this spring offering to act like a "secret shopper" for hospitals. With client permission, it dispatches employees pretending to be regular people to see what areas of a hospital they can enter. They also masquerade as hospital workers to see if they can get passwords over the phone. The company then combines this with network technologies to propose comprehensive defense strategies.

     Fujitsu, a leading provider of information systems to medical institutions, insists that systems be strictly managed by registering the serial numbers of all terminals in a hospital and denying access from any other devices.

     Japanese IT service provider NEC watches globally for targeted threats to networks and moves quickly to link medical-related systems for centralized management.

     Oracle Japan adopts a method called "defense in depth" for medical institutions in Japan, building security into the data itself for medical charts, health insurance claims, images and other data. With this arrangement, even if there is a breach of the hospital network, the health data itself remains in a form that is unreadable and unalterable.

     As home care becomes more common in Japan, medical networks are spreading wider, linking the central hospital in a region with local clinics, pharmacies, nursing care facilities, and even homes.

     In these far-flung networks, cyberdefense is no longer a problem just for IT companies and government agencies. The dangers will linger until medical institutions wake up to the threat, and even local clinics realize that things are not OK just because their patient information is not directly connected to the Internet.

Sponsored Content

About Sponsored Content This content was commissioned by Nikkei's Global Business Bureau.

You have {{numberArticlesLeft}} free article{{numberArticlesLeft-plural}} left this monthThis is your last free article this month

Stay ahead with our exclusives on Asia;
the most dynamic market in the world.

Stay ahead with our exclusives on Asia

Get trusted insights from experts within Asia itself.

Get trusted insights from experts
within Asia itself.

Try 1 month for $0.99

You have {{numberArticlesLeft}} free article{{numberArticlesLeft-plural}} left this month

This is your last free article this month

Stay ahead with our exclusives on Asia; the most
dynamic market in the world

Get trusted insights from experts
within Asia itself.

Try 3 months for $9

Offer ends January 31st

Your trial period has expired

You need a subscription to...

  • Read all stories with unlimited access
  • Use our mobile and tablet apps
See all offers and subscribe

Your full access to Nikkei Asia has expired

You need a subscription to:

  • Read all stories with unlimited access
  • Use our mobile and tablet apps
See all offers
NAR on print phone, device, and tablet media

Nikkei Asian Review, now known as Nikkei Asia, will be the voice of the Asian Century.

Celebrate our next chapter
Free access for everyone - Sep. 30

Find out more