Taking Hospitals Hostage With Ransomware

When hackers first stumbled upon the treasure trove of personal identifiable information that hospitals, medical centers, and doctors’ offices collected on their patients, the entire industry became a target for identity theft. With an afternoon’s worth of hacking, thieves could make off with hundreds of thousands of patients’ records; if the medical center complex was connected by a shared network, the number of affected victims in a single hacking event could even reach the millions.

But hackers have a new tool at their disposal, thanks to the punishment that a medical center faces if they become the victims of a data breach (yes, if a hacker infiltrates their network, even in spite of strict security protocols, the hospital can be held responsible for the HIPAA violation associated with exposing patients’ confidential records). With the massive fines and penalties associated with a patient privacy violation, hackers have now learned that there’s serious money to be made from ransomware.

In a ransomware attack, not only is the hospital facing punitive monetary damages, but with patient records under lock and key, there’s the very real threat of danger to human life (and then the resulting lawsuits associated with that); several hospitals have been reduced to the Stone Age paper-and-pen records systems just to continue providing care during a ransomware attack, and one California hospital so far this year has already paid the hackers in Bitcoin to unlock its network in order to continue helping its patients.

At the same time, the medical industry can be hit hard by a single hacking event, which is why thieves are going after the industry in such a big way. UCLA Health, which had 4.5 million patient records breached in a single event, stated in its notification letter that it blocks “millions” of known hacking attempts every year.

The next big thing in IT and software development? Creating an impenetrable medical records network that will allow hospitals to continue meeting the needs of the sick and injured while keeping hackers at bay. If even the FBI couldn’t get into an outdated iPhone, surely there’s a team who can write a code that will prevent this type of crime.