← Back to Insights
June 10, 2015
Download PDF 
David W. Johnson
Innovation Outcomes System Dynamics

Deep Web Rising: Healthcare’s Looming Cyber Threat

A version of this commentary first appeared April 30th in “Academy 360”-Deep Web Rising: Healthcare’s Looming Cyber Threat

Healthcare is a “target-rich” environment for cyber criminals. Cyber attacks on health insurers Anthem and Premera have compromised personal information of one in four Americans.

Accessing health information facilitates identity theft.   Illicit buyers pay over a thousand dollars for robust records with birth dates, addresses, social security numbers, etc.

Foreign governments (e.g. China, Russia) increasingly initiate attacks. Their expansive programs operate with impunity. They apply Advanced Persistent Threats (APTs) that are patient, careful, nuanced and widespread – focusing on employees, sub-contractors and suppliers.

A recent Health Management Academy session identified two kinds of companies, “those that have been hacked and those that don’t know they’ve been hacked.” Anthem receives five to six billion network attacks per month. Roughly two hundred are “serious”.   “Hacked” companies reads like a who’s who of American business: JP Morgan, Target, Home Depot, eBay…

The “Deep Web” Marketplace

 The “deep web” comprises the ninety percent of internet sites without public IP addresses. Google can’t find them. Encrypted search engines enable participants to interact anonymously.

The deep web hosts the largest “black market” ever created with everything from personal information to drugs to child pornography for sale.

Crypto currencies, like Bitcoin, are the final piece of the ecosystem. They enable anonymous peer-to-peer payment exchange.

What Should Health Systems Do?

Hackers breached Anthem’s advanced defenses and remained undetected for months. Like insurers, health systems must protect patient data, but have invested much less in cyber security.

Moreover, cyber security requires significant tradeoffs between protecting data and privacy concerns, data exchange and organizational productivity.

All is not lost. Health systems can respond. Awareness and employee education are essential.   Aware employees spot atypical data patterns that identify cyber attacks. Appropriate encryption, “hack-a-thons” and health system collaboration make sense.

Adopting policies of “least privilege” (pro-active data access) and “assumed compromise” (people are suspect until proven otherwise) are cost-effective methods for bolstering cyber defense.

Fighting the Right War #Against Cyber Threat

After World War I, France built the impregnable Maginot Line to prevent a German infantry attack. It worked. Instead, German panzers raced around the Line and captured France in six weeks.

The U.S. currently allocates one percent of defense spending to combating cyber threats.   That is clearly inadequate. Just last week, the U.S. Office of Personnel announced that hackers had stolen personal information on up to four million federal employees.

This revelation occurred as Congress curtailed the U.S. government’s authority to monitor private conversations. Balancing privacy and security concerns will be an ongoing struggle.

Cyber attacks aren’t going away. The current “Maginot Line” defenses are leaking. To avoid the panzers, governments, corporations and health systems must increase vigilance and confront the emerging cyber threat head-on.

About the Author

David W. Johnson

David Johnson is the CEO of 4sight Health, an advisory company working at the intersection of healthcare strategy, economics, innovation. Johnson is a healthcare thought leader, keynote speaker, and strategic advisor to organizations busting the status-quo to reform our healthcare system. He is the author of Market vs. Medicine: America’s Epic Fight for Better, Affordable Healthcare, and his second book, The Customer Revolution in Healthcare: Delivering Kinder, Smarter, Affordable Care for All (McGraw-Hill 2019). As a speaker, Dave plays the role of rebel, challenger, industry historian, investor and company evaluator to push audiences forward. (Watch bio video.) Johnson applies his 25+ years of investment banking in healthcare to identify ways the healthcare industry must change to deliver better care. He received a Masters in Public Policy from Harvard Kennedy School, an English degree from Colgate University, and served in the African Peace Corp service. Join over 10k+ healthcare executives who read our weekly insights and commentary on www.4sighthealth.com. His third book, Less Healthcare, More Health: The Prescription for a Happier, More Equitable and Productive America, will publish in 2024.

Recent Posts

Podcast: How Healthcare Revolutionaries Think With Melina Davis
Podcast: Melina Davis on Doctors Opening Up About Burnout One of the big problems in healthcare is physician… Read More
By June 20, 2024
Prior Authorization Is a Big Waste of Time 
Prior authorization (PA) has been and continues to be a huge thorn in the side of healthcare providers… Read More
By June 19, 2024
Podcast Playlist: GLP-1 Drugs
Credit where it’s due: 4sight Health’s Julie Murchinson predicted the popularity of GLP-1 drugs long before the mainstream… Read More
By June 18, 2024