If you haven’t been paying attention to the reports on the alleged cyberattacks launched by Russia and other foreign nations, it’s time you tuned in. Sen. John McCain (R-AZ), the Senate Armed Services Committee chairman told lawmakers at a hearing on Thursday that “every American should be alarmed” by Russia’s alleged attack on our 2016 presidential election, and I’m telling you that as a patient, you should be, too.
Cyber warfare is real, the technology is complicated and in the case of patient care it can be deadly. One of the most important takeaways from Thursday’s testimony, in my opinion, is that the U.S. is a step behind many others in this dangerous game. As a physician who is involved with administrative regulations, I know how computers and the federal mandates to move patient information and data to electronic records could prove to be a great danger to the American patient, even though technology is a useful tool in health care.
Before you accuse me of using fear-mongering tactics, consider the multitude of hacking that goes on in the private sector. Simply providing your credit card information to a website, or having it stored on your mobile device leaves you vulnerable to identity theft and in danger of having your financial or personal assets stolen.
If you don’t understand why health care would be a targeted area for cyber warfare, consider that the industry alone accounts for 17.8 percent of our nation’s Gross Domestic Product (GDP). I can tell you confidently that despite its value, the industry remains one of the most vulnerable areas for an attack. Not only are our hospitals unable to identify a possible attack, but they are also extremely ill-prepared to prevent one from happening.
The first, most obvious implication of this is that every patient’s record contains extensive detail of personal information—from social security numbers to financial information and even family history. You could see how a hack at just one, small hospital or medical center could potentially put thousands of Americans in danger.
The second implication is a danger that was addressed on the Hill today, in which a hacker uses stolen data to create unrealistic scenarios. In the medical world, you have to consider a scenario in which the hacker penetrates medical records of patients admitted to the hospital. Having access to this population’s medical records could mean that with a click of a button, vital information regarding diagnosis, medication allergies, blood pressure levels, intravenous dosage schedules and the like could be erased, or altered, without anyone even knowing what happened.
If it sounds to you like this is a science fiction movie, I’ve got news for you – a version of it has already been made a reality. A July report found the health care industry has been hit harder by ransomware than any other industry, with approximately 88 percent of attacks targeting hospitals. That report listed twelve examples, and here are just a few: In Texas, Titus Regional Medical Center was prevented from accessing computer files. In February, hackers shut down the IT systems of Hollywood (Calif. Presbyterian Medical Center). In Kentucky, Methodist Hospital declared an internal state of emergency after a virus limited its use of electronic web-based services.
There are more examples, including a heart hospital in Kansas that was forced to pay ransom in order to get their computer files unlocked, but I think I’ve made my point. This is a major, identifiable headache that we need to get ahead of before our patients are put in further danger. Hospitals and medical centers must put budgetary emphasis on cybersecurity in order to maintain patient safety. If a foreign country is able to hack into our electric grid and threaten a major blackout, imagine the damage they could inflict on one of major medical centers.