Cyber attacks are a real threat to the healthcare system today. They’re a threat to everything with an internet connection and in the modern day almost everything is. A recent cyber attack that occurred this year hit over 100 countries. Ukraine and the UK were two of the countries most affected by this cyber attack. In the Ukraine the attack hit several government agencies while in the United Kingdom it affected the healthcare system. The attack resulted in a pop up message that demanded a ransom in exchange for access to the affected computers. The virus was able to attack the computers through a defect in their security. This defect was fixed by a patch released by Microsoft in March, but not all computers downloaded and installed the patch which resulted in them being infected by that virus. This attack had multiple consequences on the British health system as operations had to be delayed, ambulances were diverted, and patient’s health records became inaccessible for a while. The British prime minister said that patients’ health records weren’t acquired by the hackers, but can one be really sure about that? Is there a definite way of telling that they didn’t make copies of them?
Hospitals in the United States are in no way immune to these attacks as they’re all connected to the internet and so are most medical devices. The computer virus used by cyber attackers is called WannaCry and it’s a type of ransomware which like we stated demands a ransom in order to return computer access. The demanded ransoms are usually lower than 1,000$ which makes them seem low enough that you would consider paying them just to get rid of the nuisance. Luckily, hospitals in the United States haven’t been affected as severely as those in the UK, but it’s possible that a couple of them were attacked albeit in a milder fashion. There are plenty of downsides to hospitals being hacked or attacked by computer viruses. Even insurance companies may be affected by these cyber attacks in the future. It’s important to find ways to prevent these attacks to begin with rather than to deal with them when they happen.
First of all one of the most serious effects of a cyber attacks would be the release of confidential patient information. Patient confidentiality is vital in the healthcare system and is protected and regulated by several laws and regulations such as HIPAA. There are also severe consequences for doctors who breach that confidentiality. Since it’s so highly valued and protected you can see why hackers acquiring those records would be a disaster. Health information can be very sensitive and its release to the public can be disastrous for any individual. The other problem is if these hackers start falsely editing that information by adding or even deleting vital information. This can result in serious consequences for the patient up to death such as deleting that the patient is allergic to penicillin for instance. A patient would then receive penicillin and enter anaphylactic shock and may die if not quickly treated. Cyber attacks can also prevent the access of these records which will definitely stall doctors and the provision of adequate medical care.
Such as in the UK cyber attackers may divert ambulances which will delay them and get in the way of them reaching those who need an ambulance the most. They also prevent the access of lab results which may be crucial in the ER for a patient who has acidosis or alkalosis for instance or an electrolyte imbalance. Preventing access to lab results as well as patient records will definitely delay operations until the system is restored as well. No surgeon will operate without knowing the patient’s labs and records such as what they’re allergic to and their full history. For a patient who needs urgent medical intervention this can definitely be life threatening. This hasn’t happened yet, but you can’t rule out that in the future these attacks may interfere with the function of medical devices and monitors as well and even alter lab results and investigations. The consequences of a cyber attack are severe and life threatening. It’s a threat that’s not to be taken lightly. Insurance companies aren’t safe from these attacks either.
Insurance companies have classified patient data in addition to payment and finance information as well. Hacking these companies may result in the alteration of a patient’s records or payment history. This may result in the insurance company asking for additional payment because according to their record a patient hasn’t paid. It may also result in a patient’s insurance plan being changed either downgraded or upgraded. If it’s downgraded then that’s not very good for the patient as he or she will receive less coverage than they signed up for while if it was upgraded then the insurance company will be paying more than it should.
The prevention of these attacks is crucial for the entire healthcare system including hospitals, clinics, and insurance companies. This should also include any medical devices connected to the internet or connected to other computers. It’s a lot easier and definitely more beneficial to prevent these attacks than to deal with them as they happen. If you stop them from occurring then you’re preventing any loss or alteration of data as well as any loss of function. If you start to deal with them after they happen, however; then you already lost precious time which could result in life threatening complications for patients. It will also be hard to determine how much these attacks have infiltrated the system and the full extent of damage done by them. Like mentioned before it would be very hard to tell whether or not they copied patient records or altered them. If they manage to do this without leaving a trace then the entire system is thrown of balance and doctors will start working basing their work on records that had been altered without anyone knowing. Also by the time you start dealing with the attack operations may have already been delayed and ambulances have been diverted which is additional precious time lost.
The problem is that just like regular smartphone and computer users, hospitals may delay updating their systems because updates take time and may slow or even temporarily shut down the software for a while in order to install updates. It’s important, however; that they realize that wasting a few minutes to update software in order to protect it from cyber attacks is nothing compared to the hours that will be wasted if an attack does hit their computers. Also reporting of minor cyber attacks or viruses should be done regularly because it seems that a lot of hospitals aren’t reporting these minor incidents. All hospitals should have IT teams because they’ll be the ones to make sure these attacks don’t happen and will deal with them if they do. To not have a competent IT department in any business in 2017 is ludicrous let alone in a hospital where lives are at stake.
Technology has given hospitals and doctors a lot of beneficial tools to aid them in saving lives and improving them, but nothing is perfect. Computers and electronic devices are flawed in the sense that they can be hacked and attacked by cyber terrorists. Fortunately it’s not too hard to prevent these attacks and deal with them as soon as possible. The important thing is to be aware of the risk rather than wait for a catastrophe to happen in order to start acting. Adequate cyber security will not just save money and time, but will also save precious and valuable lives.