Health & Science
Master of Arts (MA)
The patient didn’t attract any attention initially. They were just one more cog moving through the system that was the massive hospital complex on your average day. That was, until they were shown to a room, and left alone. At that point, they removed a flash drive from their pocket and tried to insert it into a computer — with the goal of accessing the hospitals computer systems.
This is according to the Chief Information Security Officer at a major Northwest university hospital system, who asked for anonymity due to the sensitive nature of such attacks.
The imposter patient was attempting to install malware on the hospitals system, potentially with devastating effects. And although security was alerted to their presence, the imposter was able to sneak out, and was not caught.
This happens more often than you might think. In fact, it also happens with people impersonating residents.
“Every July we have brand new physicians as residents coming in, and even though we have pictures of everybody, it’s easy to slip in,” says the officer.
Ransomware attacks, in which malware denies the victim (such as a hospital) access to a computer system or data until a ransom is paid, have exponentially increased across the U.S. in the last few years. They’ve resulted in ambulances having to be diverted to get care for the patients they carry, chief medical officers being unable to administer important medications because they’re locked out of patient medical records, and even some smaller medical practices having to shut down entirely after their patient and billing records were deleted for refusing to pay the ransom.
In conversations with over a dozen experts, hospital representatives, government authorities and others, they contend the pace of ransomware attacks on US healthcare facilities such as hospitals is only set to increase. The costs of dealing with such attacks, the life-threatening impacts it can have on patients, and the technical expertise of repelling them are a never-ending game of cat and mouse, in which security practitioners and IT officers are perpetually trying to defend against new threats. Whether they’ll succeed is still an open question.
Powers, Benjamin, "Ransomware is Quietly Devastating American Healthcare Facilities" (2019). CUNY Academic Works.