To sustain a fully functional and civil society, we need hospitals that are prepared and ready for the most extreme emergency. We rely heavily on hospitals to keep us safe and treat us when we are in need. Unfortunately, just like any business or organization, hospitals are still vulnerable to cyber-attacks. But why is this?
Use of Older Technology
A lot of hospitals use old technology made by old businesses that are no longer in service. While others adopt newer technology that doesn’t have the best security features. Some hospitals do use software or programs that are still in service, but they often use an older version that contains weak security patches. Anything with the ability to connect to a computer, phone, or even television can be hacked and tracked by hackers.
For example, in the early 2000s, there were a variety of cases where clinics and hospitals were shut down because a virus – called ransomware – infected the computer systems. Ransomware is a virus that locks all access to the technology and can only be ‘removed’ if a fee is paid. Even the best hospitals can be at risk of getting ransomware.
Lack of Awareness
Also, when a security threat is detected in the system, a lot of hospitals aren’t aware until months later, after all the damage has been done. Sutter Health, a U.S. hospital faces billions of cyberattacks a year. Last year, they had over 50 billion cyberattacks, and as the years go by the attacks have only multiplied and become more aggressive. Fortunately, Sutter Health has a state-of-the-art cybersecurity system in place that is much better than the ones owned by traditional hospitals. When they do get attacked, they can respond quickly and get off the network.
However, disconnecting is dangerous because doctors need to be able to view their medical notes while performing surgery, and without them, it could lead to fatal consequences for the patient.
The FDA has recently started creating guidelines on how medical device makers could manage and reduce the number of cyberattacks before and after the medical device is placed on the market. They even hosted a workshop on cybersecurity where big names such as Medtronic and Abbott could work closely with security researchers and hackers on possible vulnerabilities within the system.