Healthcare and Ransomware
As many of you know, our family has spent a lot of time in hospitals over the past 30 days. Thankfully, we’re all healthy – and the doctors have been great. But looking at their technological support systems as a patient, parent and IT specialist, I could use an electronic sedative.
Judging from what I see in news reports, hospitals seem to be prime targets for ransomware. That’s a lot of sensitive data to hold hostage, and I have a greater appreciation of the consequences now than a month ago. Every hospital room I was in had a computer. Every member of the medical staff who examined Charlie or me had to log in to enter all the data used to update our charts. Every medication we were given was logged into the system. The process created an information lifeline that was critical for every step in our treatments.
The data the hospitals used to treat us was entered before we were admitted. The doctors who examined us previously entered notes into our electronic charts. The results of COVID tests were entered. Everything, it seemed, had to be verified at every stage of our care. It was comforting to know that every caregiver had access to the latest information on a screen, where it could be clearly displayed without the need to decipher somebody else’s handwriting.
But what happens when the technology breaks down? What would have happened if just before surgery, a hacker had invaded Charlie’s chart or mine and held the records hostage as the anesthesiologist was about to administer drugs? What if one of us had a bad reaction to anesthesia during surgery? That’s not the best time for us to begin hostage negotiations, and even with a willingness to pay the ransom, it’s not the same as going online to pay your credit card bill.
I’d feel a lot better about healthcare if the hospital systems put the same resources into information technology as they do into their healthcare technology. I saw truly amazing systems to treat us, but the news reports tell another story. IT systems, even in large systems in large metropolitan areas, are antiquated and don’t get regular updates for security patches and bug fixes. If I were prescribing a remedy, it would be to update those systems immediately.
And as large hospital systems acquire smaller, financially strapped hospitals, it’s even more important to take that update medicine. With telemedicine becoming more common, there’s more interaction with a variety of technology systems and networks, so I would demand the hospitals build electronic fortresses.
The same goes for physicians’ offices, regardless of whether they are part of a hospital system or in some other network. As patients, we regularly use the medical systems’ portals – websites – to access records, refill prescriptions and use other essential information. What if the doctor’s system goes down? What if someone is having a life-and-death emergency during a hostage negotiation because the doctor’s IT system was hacked?
To borrow an old phrase: Physician’s office, update thyself.
At the same time, we need to keep our systems secure. The hospital and office systems we deal with are likely to have done everything right. But if we leave a door open in our own system, it could be the opening a hacker needs to get into a healthcare system and hold critical data hostage.
We can help you make sure you keep up your end of the deal. Call us – 973-433-6676 – or email us to arrange for a security audit of your system. For hospitals and doctors’ offices, we’re always happy to provide a second opinion.