Topics
Reimbursement
Senators urge action on physician payment cut before end of lame duck session
Senators urge action on physician payment cut
Revenue Cycle Management
Mary Washington Healthcare latest to outsource revenue cycle 
Mary Washington Healthcare latest to outsource revenue cycle 
Strategic Planning
CommonSpirit, University of Utah Health team on access
CommonSpirit, University of Utah Health team on access
Capital Finance
Cigna nixes speculation of a Humana merger
Cigna nixes speculation of a Humana merger
Supply Chain
Feds shore up healthcare supply chain in wake of hurricanes Helene and Milton
Feds shore up supply chain in wake of hurricanes
Accounting & Financial Management
Labor expenses continue to challenge hospitals
Labor expenses continue to challenge hospitals
Budgeting
Health system operating margins declined in August
Health system operating margins declined in August
Quality and Safety
US healthcare system ranks last in equity, access
US healthcare system ranks last in equity, access
Billing and Collections
CFPB warns of illegal tactics by medical debt collectors
CFPB warns of illegal tactics by medical debt collectors
Claims Processing
Denials top reason for eroding provider-payer relationship
Denials top reason for eroding provider-payer relationship
Workforce
Elevance laying off 123 California employees
Elevance laying off 123 California employees
Operations
UAB, Press Ganey launch certificate program for healthcare leaders
UAB, Press Ganey launch certificate program for healthcare leaders
Medical Devices
Healthcare chatbots may promote racist misinformation
Healthcare chatbots may promote racist misinformation
Hospital/physician relations
Hospitals, physicians submit opposing views to FTC ruling on noncompetes
Hospitals, physicians submit opposing views to FTC ruling
Construction & Facilities Management
University Hospitals expanding with $3.2 million donation
University Hospitals expanding with $3.2M donation
Compliance & Legal
Johnson and Johnson sues HRSA for blocking 340B plan
J&J sues HRSA for blocking 340B plan
Policy and Legislation
Planned Parenthood, other groups decry executive power in House bill
Planned Parenthood, other groups decry House bill
Community Benefit
AMA pushes for stricter standards for hospital charity care policies
AMA pushes for stricter standards for hospital charity care policies
Accountable Care
NAACOS pushes ACO REACH extension after $1.54B in savings
NAACOS pushes ACO REACH extension
Acute Care
SDOH, tech key to advancing value-based care, says UHG
SDOH, tech key to advancing value-based care
Ambulatory Care
Cleveland Clinic and Amazon One Medical collaborate on primary care clinics
Cleveland Clinic and Amazon One Medical collaborate
Analytics
Interoperability in healthcare moving forward despite challenges
Interoperability in healthcare moving forward despite challenges
Business Intelligence
CVS announces Dr. Sreekanth Chaguturu as president, Health Care Delivery
CVS announces Dr. Sreekanth Chaguturu as president, Health Care Delivery
ICD-10 & Coding
Physician practices examine risk adjustment coding in wake of federal lawsuits
Practices keeping close watch on risk adjustment coding
Meaningful Use
Financial disincentives for providers who commit information blocking 
Financial disincentives for providers who commit information blocking 
Medicare & Medicaid
Almost a quarter of Americans underinsured, survey finds
Survey: Almost a quarter of Americans underinsured
Patient Engagement
HHS, Illinois reach agreement on disability rights laws
HHS, Illinois reach agreement on disability rights
Pharmacy
Express Scripts, Caremark, OptumRx fight back in lawsuit against FTC 
Express Scripts, Caremark, OptumRx sue FTC 
Population Health
Reproductive care, including abortion, facing challenges
Reproductive care, including abortion, facing challenges
Risk Management
UPMC for You partners to offer Medicaid redetermination coverage in laundromats
UPMC for You offers Medicaid redetermination coverage in laundromats
Telehealth
Telehealth prescribing of controlled drugs extended through 2025
Telehealth prescribing of controlled drugs extended
Mergers & Acquisitions
Cardinal Health set to acquire two companies for combined $3.9B
Cardinal Health set to acquire two companies for combined $3.9B
View more
Dec 05, 2016 More on Risk Management

Expert: Cybercriminals will not only attack healthcare, but they'll profit from it

In addition to harming patients and crippling a healthcare provider, the attacks in the future will cause stock fluctuations that benefit criminals.

Henry Powderly

Scott Borg, chief economist at the U.S. Cyber Consequences Unit. (photo by Henry Powderly)

Healthcare businesses will be exceedingly vulnerable to cyberattacks in the next few years as hackers look to affect financial markets by influencing healthcare stocks, according to Scott Borg, chief economist at the U.S. Cyber Consequences Unit, a think-tank focused on cybersecurity.

Borg, speaking at the Privacy and Security Forum in Boston Monday, admitted that his prediction is dire, but said ignoring it could be far worse.

The way it works is attackers could take a short sale position against a healthcare company's stock and then cause some kind of harm to the business, likely through a cyberattack, leading share prices to fall. So in addition to causing damage, the attackers make millions in profit.

Borg, who said he often looks at how cybercriminals make money through their attacks, said the ways attackers can affect patients is outright scary. In fact, Borg's group learned about these processes by first figuring out how to launch such an attack themselves.

[Also: Hospitals sorely lack cybersecurity workforce, need staff-wide engagement, experts say]

"We figured out how to change IV bag recipes, to change all kinds of details of treatment, we figured out how to alter patient records so there was missing information," he said. "We figured out how to run this kind of attack for many months without any likelihood that it would be discovered. … We could kill thousands of people and we could spread it around and they would only begin to notice this when the insurance people did their actuarial comparisons six months or a year after we started this."

Turning back to the money-making aspect of such an attack, Borg said the criminals could leak very small details of their attack to the public over time so that the damage to the healthcare company's financial standing is hurt over a longer period.

But while Borg said his group is only predicting this kind of attack, he said they have a solid track record of spotting trends, such as the growth of organized crime backing cyberattacks.

"It's hard to put any number of years before somebody sees these things," he said. "We need to start thinking about this now because after something is happening, figuring out how to do something about it then is going to be really costly."

To start, health systems need to take a look at not only the liabilities they have, but also the areas of their businesses that create the most value. Those are likely going to be the biggest targets.

For example, oncology departments are often highly prized in health systems. In addition to being an area that attracts patients from a larger geographic area, the economics of cancer care means it can be a highly profitable part of a health system's business. That means it would make more sense for a system to put resources into protecting that unit before others.

"The way to figure this all out is to think about how much value is created and what substitutes after a cyberattack," he said.

Twitter: @HenryPowderly
Contact the author: henry.powderly@himssmedia.com

News
Healthcare organizations ask HHS to delay quality measure reporting for ACOs Healthcare organizations ask HHS to delay quality measure reporting for ACOs The American Hospital Association and American Medical Association are among the 11 organizations signing the letter.