Electronic Health Records Cyber Terrorism: The Elephant in the Room

Disaster is defined not only by an act of God, but also by those crisis situations that arise due to rogue and state-sponsored terrorist groups organized for economic, political, criminal, religious and occult causes.1 Advances in technological sophistication, specifically the invention of the Internet, have not only narrowed the global communication gap, but have opened the back door to a new kind of adversarial attack: cyber terrorism.2,3 To date, there have been no known cyber terrorist attacks in the United States that have resulted in the catastrophic loss of life or physical destruction indicative of a usual terrorist assault.2,3 This leads one to ask: is the threat of a digital Pearl Harbor real, or simply confabulated by government, security firms and the media to evoke fear over the possibility of what “might” happen?2 The technological advancement of complex computer hardware and software, including networks and information systems, has left technologically dependent countries at greater risk of, and more susceptible to, an unanticipated disruption due to a cyber terrorist assault.2,3 An act of cyber terrorism can be executed remotely and anonymously. It is an opportunity for terrorists to inflict massive physical and structural damage, elicit a psychological impact, and gain media attention, all of which make a virtual attack so appealing.2,3 Al-Qa’ida and other terrorist groups have already used the Internet to distribute propaganda, collect data on potential targets and weapons, communicate with followers, recruit, raise money, and facilitate operations. They have also advocated the conduct of cyber attacks and engaged in hacking activities.3

 

The interconnectivity and complexity of the proposed national electronic health record network, no matter how well regulated and/or standardized, creates an environment susceptible to a cyber terrorist attack. The real question is “Why would a terrorist be interested in hacking into or damaging a national interoperable electronic health record Internet-based system?” The most logical answer is financial gain (i.e., medical identity theft, reimbursement fraud); the not-so-obvious answer is to create a distraction. A distraction of this magnitude, coupled with a planned violent event(s), sets the stage for mayhem, thus crippling emergency response and invoking the psychological impact of mass hysteria and physical destruction with loss of life, all of which could be exploited by the media, furthering the terrorist agenda.

 

The scientific literature and legal sector deny any possibility of a cyber terrorist in America. This level of ignorance leads one to contemplate whether the peer-reviewed literature was in fact funded by government to advance an earlier political agenda denying the existence of cyber terrorism. What is even more interesting are the numerous accounts of scholars depicting terrorists as Western businessmen for whom a cyber attack would not be an efficient use of investment capital. This denial of accountability and projection of Western ideals onto a terrorist mindset is not based in reality. To quote Ayn Rand, “Reality, the external world, exists independent of man's consciousness, independent of any observer's knowledge, beliefs, feelings, desires or fears. This means that A is A, that facts are facts, that things are what they are — and that the task of man's consciousness is to perceive reality, not to create or invent it.”

 

On Jan. 25, 2011, legislation was introduced as the Cyber Security and American Cyber Competitiveness Act of 2011, making cyber terrorism an urgent national priority. The act includes safeguards to protect consumers by preventing identity theft and fraud, and guarding against abuses of personal information.4 A national interoperable electronic health records network should be viewed as a component of the nation’s critical infrastructure, similar to transportation, water and energy, in addition to being included in any and all applicable cyber terrorism legislation. Taking these facts into consideration, Figure 1, which was originally developed (publication pending) to describe the interplay between public health and transportation, is also applicable to any major infrastructure, including a national interoperable electronic health records network.

 

 

Figure 1 Created by Karyn M. Warsow, MS, MPH, DrPH Candidate, Johns Hopkins Bloomberg School of Public Health, Department of Policy Management and Leadership (publication pending)

The conceptual model focuses on the elements involved in infrastructure development and sustainability. The intersecting circles represent the commonalities between the elements, with the outer circle, an integrated fiscal and strategic management approach, driving the process. It is the synergy between the component parts that has the greatest impact on health. As the security of personally identifying information and personal health information continues to be a public concern and the demand for accountability increases, it will be imperative for health care organizations to meet the psychological assurances of information protection along with the physical health care needs of a growing and mobile population. This cannot occur without innovative security measures, effective risk management and investment modeling aimed at curtailing the threat of a potential cyber terrorist attack.

 

While cyber terrorist threats to the proposed national EHR network may “appear” less likely than a physical attack, they could prove more damaging due to the disruption of technologies and the interconnectivity of the nation’s critical infrastructures.2,3 Thus, the proposed electronic health records network and the threat of a cyber terrorist attack is in fact the elephant in the room.

 

Submitted by Karyn M. Warsow, MPH, MS, DrPH(c), Johns Hopkins Bloomberg School of Public Health, Department of Policy Management and Leadership

 

1. Warsow KM, Karna K, Morgan W. Bioterrorism Preparedness: Thinking globally acting locally. Leadership in Public Health, Volume 6 (1), Fall 2002:39-48.

2. Cyber Terrorism: How Real is the Threat? United States Institute for Peace (April 14, 2011). Retrieved from: www.usip.org

3. Stohl, M. Cyber Terrorism: a clear and present danger, the sum of all fears, breaking point or patriot games? Crime Law and Social Change. Full article retrieved from: http://www.springerlink.com/content/y816117ww6058jp7/

4. S. 21: Cyber Security and American Cyber Competitiveness Act of 2011 (April 25, 2011). Retrieved from: http://www.govtrack.us/congress/bill.xpd?bill=s112-21