Stewart Air Force Air National Guard (July 19, 2023) – Cyber attacks on the healthcare industry have become more frequent over the years as it ranks within the top three of the most vulnerable industries subjected to phishing schemes, ransomware and an increasing susceptibility to online crime. A recent U.S. Office for Civil Rights study has found more than 51 million records have been stolen online in 2022.
Unfortunately, military medical records are not immune to this threat.
In an effort to help eradicate this crime, Navy corpsmen assigned to the Marine Innovation Unit (MIU) recently participated in a Cyber Seminar under the leadership of Cmdr. Janette Arencibia, Marine Corps Reserve Force deputy surgeon. The MIU is an all-volunteer team from diverse backgrounds working in advanced technology, academia, and maker spaces to modernize the Marine Corps.
Arencibia acknowledged the need to protect healthcare information and emphasizes the importance of hardened healthcare information networks and protected medical data.
“While the protection of health information is governed by the Health Information Privacy and Portability Act, or ‘HIPPA,’ our health data primarily resides online within various online systems,” said Arencibia. “The number-one threat to healthcare data has fast become cyber attacks, and phishing is the number-one tradecraft used by threat actors to gain access to our health information.”
Petty Officer First Class George Garza and Petty Officer Second Class John Ortiz agree. As corpsmen who assist Marines at MIU to develop innovative concepts in cyberspace, their emphasis on cybersecurity is constant.
“The number-one threat to healthcare data has fast become cyber attacks, and phishing is the number-one tradecraft used by threat actors to gain access to our health information.”Cmdr. Janette Arencibia, Force Deputy Surgeon, U.S. Marine Corps Forces Reserve
“Educational aspects of opening our eyes to new and potential vulnerabilities associated with our private medical information is becoming increasingly important,” says Garza, a corpsman who works to assure Marines and Sailors have access to health information and understand how to navigate the healthcare system.
To protect against known cyber vulnerabilities, health care providers and patients should: reinforce provider and service member cyber awareness as it pertains to medical information; understand the threat environment and common hacker tactics (e.g., phishing scams); install updates on all devices used to store or access medical information; minimize access and maintain limited control of online medical accounts; and assure account access is hardened with dual authentication methods when possible.
Current trends include breeching health information systems to collect personal identifiable information, which is then used to access financial information. Cyber these have found phishing scams that utilize mock medical record log landing pages as an effective way to steal information.
“There are instances of cyber-attacks rendering healthcare systems helpless,” said Arencibia, who is currently completing the Cyber program at Villanova University. “We need more healthcare administrators and health IT developers to understand the importance of hardened networks during the software development process for continued integrity of medical information.”
As the healthcare industry continues to adopt innovative concepts, every Marine and Sailor are responsible to adhere to the Department of Defense General Military Training requirements and remain current on threat actor tradecraft.
For more information on safeguarding your PII or online medical records, visit https://www.osec.doc.gov/opog/privacy/pii_bii.html.
(U.S. Marine Corps Story by: U.S. Navy Cmdr. Janette Arencibia)