Should Hospitals Take Cyberattack Threats Seriously?
Several recent examples of hackers holding patient records hostage have been circulated by news outlets. Hospitals have also faced direct attacks on their IT systems. Other cybersecurity risks at hospitals are far more serious and involve equipment used to treat and monitor patients. These attempts show that patient safety and cybersecurity are becoming intertwined.
The Food and Drug Administration (FDA) sees cyberattacks on medical devices as a threat. In 2015, the FDA issued a warning that drug pumps used all over the country are vulnerable to cyberattacks.
Cybersecurity researchers have remotely hacked drug pumps used to administer morphine. Some defibrillators that connect via Bluetooth have also been hacked by to prevent shocks from occurring. Researchers have altered patient medical records. In theory, this could be used to cause doctors to make medical mistakes.
Finally, there have been recent, full-scale cyberattacks on hospitals designed to damage operations. An attack on the Washington D.C. hospital chain MedStar crippled its IT systems. The hospital was forced to revert back to paper records and could not accept patients until the situation was resolved.
Can Hospitals Handle Patient Safety and Cybersecurity?
Hospitals may have a more difficult time adapting to cybersecurity threats. Medical device manufacturers may adapt if they follow recently created FDA recommendations. Many of these devices can also receive software updates to remotely fix issues.
Government agencies may ask hospitals to stop using these devices until fixes have been made. For example, the FDA recently advised hospitals to stop using drug pumps that have cybersecurity vulnerabilities.
Product liability cases in the medical device industry could also take an interesting and high-tech turn in the coming years.