After two global ransomware attacks highlighted the potential dangers of network disruptions in the healthcare environment, cybersecurity experts are warning that subsequent attacks could have a much more devastating impact on patient safety.
There is particular concern over the vulnerabilities of medical devices, nearly all of which are connected to the network in some way, where the potential for patient harm is enormous. Malware could weave its way through infusion pumps and disrupt medication dosages, or cyberterrorists could coordinate a physical attack with a shutdown of hospital EHRs across a city.
“We’re going to have our digital D-Day, our cyber D-Day, if you will, in medical, and there’s going to be patients that die,” Christian Dameff, M.D., an emergency room physician and clinical informatics fellow at the University of California San Diego Health, told McClatchy. “It’s going to be a big deal.”
Beyond the inherent risks in medical devices, widespread EHR disruptions mean patients will be diverted from emergency rooms and clinicians would be left to treat patients without critical patient information at their fingertips. After the UK’s hospital system was hit by the WannaCry attack in May, emergency physicians said the impact was “undeniably dramatic” and argued that digital security “simply hasn’t been an NHS priority.”
The same industry concerns exist in the U.S., according to a recent report by the Department of Health and Human Services Cybersecurity Task Force which called for a “unified effort” among public and private entities to address some of the industry’s most pressing concerns regarding staffing shortages and medical device insecurity.
“Some of these attacks are like ringing the dinner bell for adversaries,” Beau Woods, deputy director of the Cyber Statecraft Initiative at the Atlantic Council, told McClatchy. “Once they know they can and it’s that easy, at that point it becomes a race.”