Frequently Asked Question:

How big of a threat is cyber-extortion?

The risk is high. The cost is very high.

Cyber-extortion is increasing at a rate of 350% per year, with the health-care sector considered a "juicy" target. Cyber-extortion damage costs will exceed US$5 billion in 2017, up from US$325 million in 2015. Attacks on healthcare organisations will quadruple by 2020.

"Hospitals are the number one target for cybercriminals."

Ransomware has been the most prominent form of cyber-extortion to date; however, it appears hackers are moving to easier methods as systems are put in place to thwart attempts. The FBI issued a warning that hackers are going after access to protected health information (PHI) and personally identifiable information (PII) to "intimidate, harass, and blackmail business owners".

Ransomware requires a hacker to be skilled enough to infiltrate a network, whereas intercepting data is a lower bar. With just a phone number, a hacker can intercept text messages from anywhere in the world. An open and unfixable vulnerability in the worldwide mobile phone network infrastructure (SS7) makes this scarily easy. See just how easy in this 60 Minutes report.

89% of physicians polled admitted to taking medical images on their smartphones in a 2014 study, up from 65% in a 2012 survey. Anecdotally, the practice of doctors taking photos and sending them via text message is rife.

Consider a scenario where a hacker threatens to reveal patient photos unless they receive $1,000.

  1. The doctor is ethically and legally obligated to notify the patient.
  2. The doctor is legally bound to inform the Office of the Australian Information Commissioner (OAIC) of the privacy breach.
  3. The OAIC can issue the doctor a fine of up to $340,000 (or $1,700,000 for institutions) for insecure practices, regardless of whether there are damages.
  4. The responsible doctor may face suspension, dismissal or other disciplinary action.

The rampant use of text messages for sending patient photos, and the proliferation of crypto-currencies that facilitate untraceable anonymous transactions, mean such a scenario is "very real".

When it comes to sending clinical photos, the solution is simple. Encrypt clinical photos on your device before sending them. That is exactly what PicSafe does.