Clear tactics, but few easy solutions for hospitals combating ransomware.
Especially cruel hackers know that lives are on the line when they hold a hospital’s computer systems hostage, as they did in the May 12 attack dubbed WannaCry, which locked down many overseas hospitals with the demand for a ransom.
In a new article in the Annals of Internal Medicine, three medical and legal experts delineate the many steps hospitals can take to prevent and respond to attacks, but note that some strategies won’t be easy to accomplish and that full security is likely impossible to ensure.
“Patients can suffer severe negative health effects if their treatment is delayed, discontinued, or performed incorrectly because hospital records are unavailable,” the authors write in the essay “Your Money or Your Patient’s Life? Ransomware and Electronic Health Records.”
The authors are Eli Adashi, MD, professor of medical science and former dean of medicine and biological sciences at the Warren Alpert Medical School; I. Glenn Cohen, JD, professor of law at Harvard; and Sharona Hoffman, JD, professor of law and bioethics at Case Western Reserve University.
“There are things we can do to reduce the risk, but it is very hard to perfect IT security, especially given the needs of modern hospital systems to have things moving between places and increasing demand for patient-facing access,” Cohen says. “To some extent, these attacks are inevitable.”
Read more here.