Thursday, May 5, 2016

Ransomware: Why Hospitals? Why Now?

RealClear Politics has run a series of articles on 2016 security issues.  The fourth and final part, Ransomware: Crime for a New Century, takes a look at this new form of cybecrime and how hospitals have proven particularly vulnerable to the attacks.

This particular question and its two answers caught our attention: 

Why Hospitals? Why Now?

There are two major factors that make the health care industry especially vulnerable to cybercrime in 2016.

First, health care has historically lagged behind other industries in adopting computerized records systems. It has been decades since banks kept account records on paper, but as recently as 2008, less than 10 percent of U.S. hospitals had even a basic electronic health records system.

The second factor is a strong push by the federal government in recent years to hasten the adoption of EHRs. The 2009 stimulus bill deployed a carrot-and-stick approach to speed the conversion to digital records. Funds were set aside to help finance the purchase of EHR systems, and in return, providers were required to meet minimum standards and to demonstrate “meaningful use” of these systems to improve the efficiency and quality of care.

The rush to adopt this technology caused serious growing pains, and the rollout of these systems is often an ordeal. For example, a New York City official last month compared the new system for the city’s hospitals to the 1986 Challenger disaster. A 2013 RAND Corp. study of U.S. physicians found that “the current state of EHR technology appeared to significantly worsen professional satisfaction in multiple ways,” and in many hospitals, the focus has been on just getting the systems functioning at the most basic level.

One conclusion offered - Perhaps these attacks are the inevitable growing pains of an industry rushing to catch up to the digital age...However, as health care providers inevitably become more dependent on digital technology, it will only be more important for hospitals to get cybersecurity right.

No comments:

Post a Comment