The spread of medical misinformation around topics like vaccines and statin medications is increasingly threatening U.S. and global health. In order to combat this, medical, scientific, regulatory and law enforcement organizations must employ an active cyber response plan to mitigate the issue.
In a June 14 article published in the Journal of the American Medical Association, Robert Califf, MD, a cardiologist at Raleigh, N.C.-based Duke University School of Medicine, and Eric Perakslis, PhD, a data scientist research fellow at Duke, explain why the spread of medical misinformation should be treated like a cyberattack.
Drs. Califf and Perakslis identify the internet as one of the leading culprits behind the rapid increase of false medical information, which has caused some people to not vaccinate their children or opt out of taking necessary drugs to stabilize heart conditions.
"A child who needlessly experiences disabilities caused by measles, an adult who dies after stopping a statin despite having high-risk coronary artery disease, and a patient with cancer who ceases chemotherapy in favor of a bogus alternative all are victims of misleading information that is being promulgated on social media and other internet platforms," the authors wrote.
Drs. Califf and Perakslis suggest that the National Institute of Standards and Technology Cybersecurity Framework's five core cybersecurity functions: identify, protect, detect, respond and recover, be applied to medical misinformation.
1. Identify the most essential health information sources for the public and practitioners to use as well as a detailed understanding of medical misinformation threats.
2. Protect healthcare information that is intended to inform the public from damage, destruction, misuse and corruption by using high-level cybersecurity protection.
3. Detect the most harmful forms of medical misinformation, like disinformation and malinformation, and communicate campaigns to cyber threat intelligence aggregators and law enforcement.
4. Respond with appropriate action when a threat is detected.
5. Recover any services that were impaired by a cyberattack. This effort should include improving protections to meet future threats and informing comprehensive educational efforts that educate the public so they can recognize medical misinformation.
To access the full report, click here.