Multiple large-scale cyber attacks in recent months have affected businesses and individuals worldwide and left people on edge about potential future threats. May 2017’s WannaCry attack in particular has had an impact on healthcare facilities; the United Kingdom’s National Health Service hospitals were hit by the ransomware and an estimated 70,000 devices were affected. This was not just limited to computers: additional hospital technology like MRI scanners and blood refrigerators were also affected in the attack. This particular attack was contained relatively quickly and had a lower impact (in comparison to what it could have potentially been), but the incident has shone a light on software vulnerabilities in healthcare facilities and the potential devastation a cyber attack could cause.
Healthcare facilities – such as home health care, assisted living facilities, and nursing homes – are at a high level of risk from cyber attacks due to the high level of computer-based technology in their facilities. This is not limited to physical computers either; most medical hardware found in healthcare facilities is a computer. MRI scanners, refrigerators, ventilators, certain types of microscopes, and more are computers, and are thus vulnerable to cyber attacks. If the software in question is outdated or does not have the proper security measures in place, the facility is wide open for attack.
The potential impacts of a healthcare facility’s cyber breach are great. In addition to the obvious potential for disrupting treatments, surgeries, and other facility operations, these facilities contain a great deal of sensitive information. The Ponemon Institute has stated, “The most lucrative information for hackers can be found in patients’ medical records”, as electronic health records contain personally identifiable information (PII) such as social security numbers, health care provider details, credit card information, addresses, treatment history, and, for select facilities, valuable research information. The reputational damage from a cyber breach is also not to be taken lightly; a health care institution’s credibility will be greatly damaged by such an attack.
Post-attack analysis of the WannaCry attack has found a number of potential vulnerabilities, and all healthcare facilities should develop risk management strategies to minimize their exposure to cyber threats. The Ponemon Institute’s study revealed that 78 percent of respondents found that the most common cyber attacks occurred with software that was more than three months old, and that responders health care facilities considered system failure (79 percent) more of a threat than cyber attacks (77 percent). In order to prevent their networks from falling victim to cyber threats, health care facilities should:
- Routinely perform audits of their machinery. Ensure that all software is completely up-to-date and that all technology is performing properly.
- Prioritize network security to protect their hospital systems from attack. Segmenting the network will prevent the entire network from being affected if one part is attacked.
Caitlin Morgan specializes in providing insurance solutions to healthcare facilities, including nursing homes and assisted living facilities, addressing liability, property, cyber and privacy, workers’ comp, risk management, and many other exposures. To find out more about our programs, give us a call at 317.575.4440.
Sources: CNN, Ponemon Institute