Lessons to Learn from the Hollywood Presbyterian Hospital Hack

How much would you pay to get your patients’ files released back to you should your system be hacked? It’s probably an uncomfortable question to answer, but Hollywood Presbyterian Hospital unfortunately had to answer it in early 2016, when its system was infected with ransomware. The answer ended up being $17,000 worth of Bitcoin, a significant amount for anyone to pay to get their own data back. Payouts like this only motivate criminals everywhere to switch their focus from the physical to the virtual. Fortunately, the medical community can learn from this incident, even as the threat of ransomware continues to climb.

Reactions, News and Laws

There are lessons to be learnt in the aftermath of this event, especially considering this particular hack got a lot of coverage in the medical world. The CIO of Hollywood Presbyterian Hospital states that this incident was the catalyst for California lawmakers to pass a regulation making it illegal to knowingly infect a computer with ransomware. Of course, this should have been a law before the hack, but it’s a good example of how lawmakers will continue to struggle to keep pace with new technology. It’s why hospitals really have to rely on their own ingenuity, resources and talent to take better security measures.

A hospital in Buffalo recently had its system shut down, and while the hospital has yet to comment about ransom details or the exact nature of the event, it seems likely that this was the work of criminals. Staff followed their power outage procedure in this case, and brought out paper and pens to ensure their patients still received care. However, there’s no doubt that the level of care was compromised by this type of sudden change.

Everyone Is Vulnerable

Before you think you have the right security measures in place, remember that even the largest technology companies still struggle with security. This is because hackers everywhere are constantly thinking of new ways to attack — either by finding backdoors in software or relying on social hacking. Social hacking, in particular, is likely to affect tired or stressed employees who click on an email that’s disguised as being sent from one of their colleagues. This is just one example of any number of social hacking techniques.

Because there are so many points of connection into a system, it’s important to make security a daily habit rather than a once-a-year seminar. Unfortunately, hackers don’t always just take the money and run, so it’s important to defend before they get in rather than after. Recently a hotel in Austria was hacked, and criminals brought down the electronic key system so people couldn’t access their rooms. After the ransom was paid, the hackers released the locks but did not give up their control: they left a backdoor open within the system so they could come back whenever they wanted. After discovering this, the hotel went back to a regular lock and key rather than relying on computers.

Finding the Silver Lining

A hospital doesn’t have to go back to paper-and-pen record keeping when it has the best EHR system available. While there is no way to guarantee security in the virtual world (or the physical world, for that matter), there are systems that can keep up with what hackers are doing to revolutionize their own field. With the right security updates and practices, you can put up a strong wall between your records and the many criminals who can practically taste the ransom. The more barriers and layers you create, the more likely it is that the hackers will move on.