Healthcare and the Threat of Cyber-Terrorism
Cyber-Terrorism and Healthcare
Government and military computer networks in the United States have been repeatedly attacked over a period of several years by China, North Korea, and third parties suspected of working for these two states (Gewitz, 2010). Although most of the known attacks by China and North Korea constituted espionage, denial-of-service attacks and network intrusions to assess network vulnerabilities have also occurred. The denial of service attacks are a form of cyber-terrorism. Acts of cyber-terrorism are not limited to governments and can be committed by individuals and groups, either acting alone or in conjunction with a more traditional terrorist organization. In a recent survey of nearly 8,000 American businesses it was revealed that 1.5 million viruses had been detected in 2005 alone (Rantala, 2005, p. 1), so the scale of the problem is considerable.
HIPAA Security Rule
The seriousness of the cyber-terrorism threat will only increase as society becomes more dependent on computer networks to engage in commercial, social, and government transactions. The recently mandated conversion of protected health information (PHI) to a digital format in the United States created a large target for cyber-terrorists. This vulnerability was anticipated in the form of the HIPAA Security Rule, which mandated that the integrity of PHI be protected from all forms of cyber attacks (Scholl et al., 2008, p. 6-7). The necessity of such a law was demonstrated recently when it was revealed that 67% of the nearly 8,000 businesses surveyed by the Bureau of Justice Statistics in 2005 experienced a cyber attack (Rantala, 2005, p. 1). Of these, 11% represented cyber theft. Two thirds of all detected network intrusions, close to 13 million, were directed towards critical infrastructure businesses like healthcare, utilities, telecommunications, and transportation (Rantala, 2005, p. 5). Of these, healthcare suffered the longest network downtimes. Of the 423 healthcare businesses responding to the survey, 409 suffered a cyber attack. The threat of cyber terrorism to the healthcare industry is therefore real.
Healthcare is becoming a Terrorist Target
Although healthcare may not be the first target most people think of when imagining more traditional terrorist targets, the recent trend of planting secondary bombs by terrorists in the Middle East to target responding police and emergency medical personnel suggests healthcare services represents a viable terrorist target (Clem, Galwankar, and Buck, 2005, p. 273). Besides using a cyber attack to disable or disrupt the ability of emergency services at a hospital or field location to function, cyber attacks could be used to destroy medical records and alter prescriptions maintained as digital files in such a way that lives could be threatened. A cyber attack designed to cripple the ability of emergency services to respond to an emergency could also be used to amplify the destructive effect of a terrorist bombing.
Types of Cyber-Terrorism
You’re 71% through this paper. Sign up to read the full paper.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.