Reacting to the Rising Trend of Cyberattacks Toward Hospitals
By: Peter Lam
As more hospitals move away from paper and adopt electronic health records and
management services, the risk of becoming a victim of a cyberattack is increasing. According to
Healthcare IT News, "as many as 75 percent of U.S. Hospitals responding to a poll this week
could have been hit with ransomware in the last year." Hospitals are the ideal target for
cyberattacks because they "provide critical care and rely on up-to-date information from patient
records" (Wired 2016). In particular, a type of cyberattack known as ransomware is the method
of choice for targeting hospitals. Once loaded and executed on a target's system,
ransomware encrypts information and keeps it encrypted until payment for the decryption key is
provided (often via electronic payments such as electronic wire or bitcoin).

This is detrimental to hospitals. Imagine being unable to access patient information on
demand or losing pertinent information for a treatment for days at a time. For Hollywood
Presbyterian Medical Center, this was a reality. Hollywood Presbyterian Medical Center paid a
sum of $17,000 in order to take back their systems and resume normal operations (Tripwire
2016). However, not all cases will have the same outcome as Hollywood Presbyterian Medical
Center. Kansas Heart Hospital paid a first ransom of unknown amount, but the hackers then
demanded a second ransom (Healthcareitnews 2016). As a result of a cyberattack, hospitals like
Hollywood Presbyterian Medical Center and Kansas Heart Hospital both lost monetary and
operational value. Furthermore, these attacks are becoming more frequent because hackers are
realizing how ill-prepared hospitals are for the attacks and how lucrative the payout can be.

As hospitals look to grow and adopt more modern systems and workflows, cybersecurity
can no longer be an afterthought. If such a passive approach to cybersecurity continues,
hospitals will continually have to react to potentially crippling attacks rather than prevent them.
Simple tasks such as establishing a backup and restore process, blocking macros, and file
screening rank low on complexity but have moderate to high effectiveness in
security without affecting day-to-day operations. Being proactive will better protect users and
provide more options to continue operations without having to give in to ransoms or lose
important data.