Why bots pose an increasing challenge to healthcare organizations

Hackers are using them to gain control of computers or information systems, says Reid Tatoris.


Norton Security describes bots as Internet robots, also called spiders, crawlers and web bots.

Healthcare organizations are beginning to look to bots to perform automated tasks, such as indexing a search engine.

However, these automated applications also can be used maliciously as malware and gain total control of a computer or information systems.

After a bot is in an environment, it can access insurance accounts, provider organization accounts, patient portal accounts and vendor accounts, says Reid Tatoris, vice president of product outreach at Distil Networks, a cybersecurity company specializing in bot detection and mitigation.

A hacker can use a bot to access accounts and find test results; financial information such as bills; payments made through debit, credit or health savings accounts; and patients’ Social Security numbers, he says.



That information can include more than just basic health information, he adds. A bot may cull insurer information from a patient, for example, and find whether a patient has a mortgage, doctors that the patient has seen, personal health information, medications and the pharmacies that a patient uses. It’s a perfect recipe for identity theft, Tatoris contends.

“If a patient has a prescription for opioids, the hacker can see that, grab the prescription, go to the patient’s pharmacy, state the patient’s name and address, and walk out with the opioids,” says Tatoris. “Anyone with PHI online is a target.”

Also See: Partners Healthcare notifies 2,600 patients after malware attack

Ten years ago, hackers were setting up bots in Russia, but neither the bots nor the perpetrators were sophisticated, Tatoris explains. Today, bots are attacking medical devices and using individuals’ own computers to attack other victims. And it’s difficult to block a bot because the location of the bot can change every day.

Fortunately, there are some steps that can make a hacker’s task more difficult, such as having multiple strong passwords. If an individual uses the same password for accessing insurance information and accessing an account at a Target store, those are now known sites to a hacker, who can use the password to find more sites.

Healthcare organizations routinely monitor web traffic coming into a facility, but they may not be monitoring certain metrics, according to Tatoris. Questions to consider include “How frequently are we seeing this user?” “How often is the user moving the mouse?” “Is the user acting like most other users would act, or is the user working very fast in a robotic mode and not acting as a human would act?”

Tatoris contends that providers really should not try fighting the bot war on their own. “There’s no way for a provider to do this; you are not an expert at bots,” he adds. “It’s an arms race, and if you see bots on your site, it turns into a game of whack-a-mole,” indicating that it’s difficult to keep up with an automated application that disappears and then reappears somewhere else in a system.

More for you

Loading data for hdm_tax_topic #better-outcomes...