The recent WannaCry malware attack highlighted cybersecurity as a patient safety issue. Most cyberattacks steal money, data, or intellectual property, but recently have also been used for disruption or political impact. However, healthcare faces larger cyber risks because of inherent weaknesses in its security posture. Medical records are worth much more on the black market than even credit card details because they contain much more personal information such as social security numbers and other various financial information.
The fallout from WannaCry ransomware attack in 2017 is unsettling as it attacked systems in more than 150 countries. Many hospitals had to shut down their computer systems. Resulting in compromised patient safety and eroding trust. The attack used ransomware and while it did not primarily target just healthcare systems, a 2016 attach on the Hollywood Presbyterian Medical Center shut down its network for 10 days. These infections occurred through phishing emails which are common and difficult to defend against. Although these attacks are usually to target for financial gain, other motives have been reported such as for political impact where medical records of prominent figures are released.
The vulnerability of healthcare to cyberattacks is due to various factors including limited resources, fragmented governance, and cultural behaviors. There is a lack of clarity over who is responsible for securing systems and data. Not to mention, the culture around healthcare is a focus on patient care which puts other factors such as cyberprotection on the backburner. This has very serious consequences for the possible future as hackers have been shown to be able to control medical devices such as insulin pumps to inject lethal doses.
Author:
Guy Martin, Paul Martin, Chris Hankin, Ara Darzi, James Kinross
