As the healthcare industry works to provide critical life services while working to improve treatments and patients care with new technology and innovations, cyber-actors look to exploit the vulnerabilities coupled with these changes (Loukas, 2015). It is hard to ignore the increase in reporting of hospitals victimized by ransomware, which is a type of malware that infects systems and files, rendering them inaccessible until a ransom is paid.
Multiple hospitals across the country were recently infected with ransomware via outdated JBoss [ii] server software. This happened when the attackers uploaded malware to the out-of-date server without any interaction from the victim, as opposed to infecting the hospital through common workstations used by every staff (Abomhara, 2015). One of the hospitals affected was Hollywood Presbyterian Hospital in California. In this case, patient care was delayed and finally resulted in hospital paying seventeen thousand dollars to regain access to file and their network. This happened because the hospital did not have the required preventive measures and that the cyber attackers were well aware of it. The result was that the hospital underwent a lot of pressure delivering proper services, which made them pay the ransom.
Ransomware can be extremely damaging to the day to day operations of the hospital, by blocking access to files and systems. Some of the Steps the hospital can take to avoid this problem in future could be to keep their antivirus updated and implementing proper emails filters. It could also be necessary to maintain backup system and storage files offline so that they can access them in case of an attack. One of the direct impacts on the hospital system is that if cyber attacks occur, operations are slowed down, and critical processes become inoperable. The hospitals are then forced to go back to using pen and paper. The patients’ confidential information could also be exposed. The hospital will also have to pay for a large amount of ransom to recover their systems.
Addressing cyber attacks to reduce information security risk is challenging. This is because cyber attacks cannot be eliminated. Therefore to mitigate the risk of cyber attack, the HTM professionals need to put the required preventive measure in place and need to balance protecting patient safety and promoting the development of innovative technology and improved device performance (Haraty, Zbib & Masud, 2016). Antivirus and hospitals’ backup systems need to be always updated.
- Loukas, G. (2015). Cyber-physical attacks: A growing invisible threat. Butterworth-Heinemann.
- Haraty, R. A., Zbib, M., & Masud, M. (2016). Data damage assessment and recovery algorithm from malicious attacks in healthcare data sharing systems. Peer-to-Peer Networking and Applications, 9(5), 812-823.
- Abomhara, M. (2015). Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks. Journal of Cyber Security and Mobility, 4(1), 65-88.