You would think that the last place to learn about the latest cyber threats facing the healthcare industry would be the television show “Grey’s Anatomy.” But a recent episode of the hit show focused on a topic that has become a legitimate issue at hospitals nationwide: a ransomware computer hack.
Does Art Imitate Life?
On the episode, the computers at Grey-Sloan Memorial Hospital were hacked and patient files were held for ransom. While the Grey-Sloan Memorial Hospital staff argued with the FBI over whether or not to pay the ransom, drama ensued that made for great television. But does art imitate life? The truth may be harder to believe.
Hospitals are Targets
In the past year, multiple hospitals have been targeted by hackers using a form of attack called ransomware. You may have heard of the WannaCry cyberattacks in May of 2017. During this hack, cybercriminals (possibly in North Korea) were able to attack thousands of computers across the world and encrypt the data files of those computers. The organizations that were hit with this attack were assured that they would never be able to access their data again unless they paid a ransom, usually in the form of several hundred dollars in bitcoins.
The Impact on Health and Business
First, try to imagine how such an attack would negatively impact a business who would lose thousands of dollars every minute that the files are locked down, and even more money in lost reputation once the hack was determined. Now, imagine what kind of impact that would have on a hospital or health agency.
A Matter of Life or Death
On the television show, the doctors were not able to access patients’ medical files, so they were not able to determine things like past medical history. But for a real hospital, this could be absolutely life-threatening. In theory, doctors, for instance, would not be able to pull up records that show a patient’s drug allergies or current medications. If a patient is conscious, this would be no problem as they could respond to questions. But if a patient is admitted and unresponsive, the doctors depend on those medical records to ensure that they don’t give the patient the wrong medication.
Patients are Most Vulnerable During an Attack
A ransomware attack could also complicate what procedures a patient is being treated for; it could also complicate other larger issues, such as medical transplant waiting lists. Additionally, the fact that hackers can access this data leaves grave questions about identity theft, loss of personal information, and confidential medical information being released without a patient’s knowledge.
To Pay or Not to Pay – That is the Question
This is a real threat. In the United States, one hospital in Kentucky and two in California were impacted by a ransomware attack, although they refused to pay the ransom. Another hospital, Presbyterian Medical Centre in Los Angeles, did pay the ransom, which cost them $17,000. But paying the ransom is not a guarantee that the hospital will get their files back. Nor is it a guarantee that they will not be targeted again later down the line.
Ransomware and similar cyberattacks are a real threat to a variety of institutions, but most definitely to hospitals. In many ways, the next threatening virus that hits a hospital may wind up being a computer virus.