Cyber ​​attacks on healthcare are on the rise — but many hospitals are not ready

Last September, infectious disease specialist Hana Akselrod was already on the verge of a COVID-19 pandemic when another crisis broke out. Hackers have deployed ransomware malware (commonly referred to as ransomware) on the web of George Washington University Hospital devices. Akselrod et al. Suddenly lacked resources such as electronic health records to promote quick and efficient care.Like below Colonial Pipeline Ransomware Attack In May of this year, many of the critical infrastructures of the hospital system crashed.

Read more about Healthcare innovation

When the hospital went offline, the staff traveled 20 years ago. As in Axelrod’s medical school days, hospitals had to rely on paper files and triple-check for errors that would normally be corrected by a computer. In addition to causing inconvenience, the crisis also endangered lives. The hospital was forced to bypass the ambulance because the over-expanded staff could not accept new hospitalizations. The breach also interfered with urgent test results. For example, medical internships can usually update a patient’s chart to receive important test results shortly after arrival. Following the cyberattack, the intern scrambled between floors, checked with the lab and reported to the doctor.

Also read about – blockchain in healthcare

Such delays can be costly. Accelerator Rod explains that if a test shows a fast-moving infection like MRSA, doctors need to know as soon as possible and stabilize the individual before the condition worsens. To complicate matters, the rapid COVID-19 PCR test determines whether incoming patients can share a room or need quarantine. Misunderstood result Led to Accidental coronavirus exposure among Askelrod colleagues during the September crisis. “In infectious diseases [medicine]Rapid communication between laboratories, medical teams, nurses and pharmacies ensures that both patients and teams are safe and that these infections can be treated quickly. This may be important for patient outcomes, “said recently selected as the COVID-19 response lead for GW Medical Faculty Associates.

Overall, the incident to be influenced 250 locations through Universal Health Services System (UHS). This will cause headaches in most office work, but it is especially painful for workplaces where life is hanging in balance.

Hit the most vulnerable

While cyberattacks on healthcare providers have begun to occur Early 2000s, Field ransomware is almost compromised double Perhaps the most widely known example is the 2017 WannaCry ransomware hacking the UK National Health Service. to be influenced Over 80,000 hospitals, cancellation of forced surgery, closure of certain emergency departments.Last year, more than one-third of medical institutions Said According to a survey by British cybersecurity firm Sophos, they encountered ransomware.And the financial demands of the perpetrators sharply Rise: In one of the most striking examples, Irish medical services strike A ransom of about $ 20 million was paid in May of this year (authorities vowed not to pay this).

In addition, many of these events go Unreported This is because hospitals need to disclose protected information only when hackers have access to it.But by 2020, there will be more than 18 million US patient records compromise.. These attacks not only reveal sensitive information such as an individual’s HIV status, but also waste valuable time and even kill them.German prosecutor last year Blame A case involving the death of a woman at a clinic in Düsseldorf. She was experiencing an aneurysm, which required immediate treatment and died after traveling to a further distant facility.For the same reason, hospital hacking Associated with Death from a heart attack.

One potential explanation for the rise in cybercrime: medical institutions make attractive targets. Large-scale medical systems can link tens of thousands of locations operating on a combination of wired and wireless networks. Hackers can move between geographic sites by breaking into the network in a simple way, such as phishing emails.

Most of these crimes occur because hackers scan the Internet and prey on vulnerable systems. Christian Damef, an emergency physician and clinical informologist at the University of California, said he may not even know that he had invaded the hospital based on the information available. San Diego, California. He is also the Medical Director of UCSD Cybersecurity, Pressured Parliament to strengthen government efforts against the threat of hacking.

In fact, the ransomware group ( probably Working in Russia and Eastern Europe) may find great opportunities to break into extensive networks. Damef cites the NHS case as an example of an indiscriminate attack.The criminal behind it ambush German railway companies, French car makers, Renault, etc. “I don’t think most of the attacks that hit healthcare are intentional,” he says. “Just because they are hospitals and caring for patients, there are more than just magical boundaries around them that cybercriminals don’t attack.”

These breaches have been successful using the industry’s digital push over the last two decades. Ultimately, this ongoing technological revolution aims to improve the ability of physicians to treat large numbers of patients at once. This is what Akselrod observed in his daily work. However, it has its drawbacks.

Dangerous Digital Revolution in Healthcare

The transition to technological efficiency does not always include a well-staffed IT team and strict safety protocols. For example, new medical devices take years to get FDA approval, so Outdated Software and operating systems that lack the latest security mechanisms. This allows ransomware to exploit certain vulnerabilities. To disable Medical imaging equipment such as MRI. Hackers can not only shut down a machine, but even tamper with it directly.Recently, German medical maker B. Brown share The IV pump was vulnerable to allowing hackers to remotely change drug doses.

These risks can only be exacerbated as a provider embrace Cloud computing. You can link a myriad of devices at a particular facility to facilitate faster hijacking. “I think cybercriminals will not only attack one-off devices and look for them, but they will also attack critical cloud infrastructure and have a far greater impact. This is potentially very significant. I’m concerned, “says Damef.

Large healthcare providers also hold vast amounts of sensitive patient data.In fact, the 2009 law Forced Medicare and Medicaid providers are adopting electronic health records, which in turn poses new security risks to facilities across the country.This data looks like this Sell ​​online, And the hacker demanded a ransom of millions of dollars to return it.

Despite the clear warning, healthcare managers do not always take steps to protect their workplace. According to the report, 40-60% of these organizations do not perform simulations of technology failures that can occur during hacking. 2018 survey According to Healthcare Information and Management Systems Society. This is because the provider already has enough, explains Damef. COVID-19 has Provocation With burnout of staff Devastated The budget of a hospital that is already underfunded.Even if an organization is looking for a cybersecurity expert, the country Lack He adds as demand from various industries grows. In addition, the HIMSS report revealed that most of the healthcare institutions surveyed spend less than 6% of their IT budget on cybersecurity.

Cyber ​​attacks include climate change Emerging Pandemic. Safety net Clinics and hospitals provide care regardless of solvency, but protection against these risks is far less than in wealthy facilities. Dameff adds that some facilities may have to choose between increasing cybersecurity or purchasing life-saving equipment such as CT scanners to detect cancer.

Akselrod has long witnessed how wealth and racial disparities can affect health care in collaboration with HIV (and more recently COVID-19) patients. Vulnerability to cyber attacks is no exception. A patient in her hospital eventually opted out of surgery because she struggled with a delay in surgery during last year’s breach and was unable to pay for her long stay. “Is the cyber threat another of the many new threats that crucify low-income earners?” Says Akselrod. “Partly because of systematic underinvestment. In other parts, these are the people at the individual level who are least able to afford the additional costs of the next threat.”

Long-term delinquent investment

Damef proposes both high-tech and low-tech solutions to prepare for the coming wave of cyberhazard. For example, healthcare providers can segment their networks, making it difficult to target large numbers of critical technologies at the same time. For example, a hospital can separate critical equipment such as a ventilator from a computer workstation into a separate line of defense.

In addition, although users may find it slightly bothersome, Multi-factor authentication can protect employee accounts on institutional websites (common entry points) and prevent criminal tracking. Administrators, on the other hand, can prepare employees to work offline through regular simulations. This helps establish a reliable paper-based process in the event of an electronic health record or other critical device failure.

And we still do not fully understand the scope of these cases. To assess the full extent of US cybercrime and its implications, Damef envisions a comprehensive national registration that includes the corresponding death toll.

For Akselrod, lack of preparedness for cybercrime in the medical field is a sign of a broader problem. As with new pandemics, it is more common to address such challenges than to tackle them before they occur.Just like the movement towards Preventive medicineShe hopes that healthcare providers can listen to experts and tackle cyber attacks as well. “We have a lot of expertise in these complex threats, but we tend to use that expertise ex post facto after a crisis has already occurred,” says Akselrod. “We need to invest today (and yesterday) to prepare for the next crisis tomorrow.”

Cyber ​​attacks on healthcare are on the rise — but many hospitals are not ready Cyber ​​attacks on healthcare are on the rise — but many hospitals are not ready

Exit mobile version