Cyberattacks on hospitals can lead to increased death rates among heart patients, recent research suggests. This research emerges as attacks on health facilities are reported to have increased 60 percent in 2019.
Researchers at Vanderbilt University‘s Owen Graduate School of Management drilled down into Department of Health and Human Services records on data breaches from more than 3,000 Medicare-certified hospitals. They found that, for facilities that experienced a breach, the time for suspected heart attack patients to receive an electrocardiogram (ECG) increased by more than two minutes.
When seconds count
The study focused on the impact of remediation efforts on health care outcomes following a data breach. It found that common remediation approaches, such as additional verification layers during system sign-on, can “delay the access to patient data and may lead to inefficiencies or delays in care.”
“Especially in the case of a patient with chest pain,” the report says, “any delay in registering the patient and accessing the patient’s record will lead to delay in ordering and executing an ECG.”
The researchers found that “a data breach was associated with a 2.7-minute increase in time to ECG three years after the breach.”
A bit over two minutes may not seem like much – but during a coronary or a stroke it can be the difference between life and death.
Increasingly targeted
Vanderbilt’s research was based on data collected before ransomware attacks against health care facilities became common. The authors caution that such attacks – in which systems or data are held hostage until a ransom can be paid – “are considered more disruptive to hospital operations than the breaches considered in this study.”
The medical sector is the seventh-most targeted industry, according to a report by internet security firm Malwarebytes, based on data gathered between October 2018 and September 2019. But Malwarebytes warns that attacks on this sector are on the rise.
“Threat detections have increased for this vertical,” the report says, “from about 14,000 healthcare-facing endpoint detections in Q2 2019 to more than 20,000 in Q3, a growth rate of 45 percent.”
Comparing all of 2018 against the first three quarters of 2019, Malwarebytes said it has observed a 60 percent increase in such attempted intrusions.
“If the trend continues,” Malwarebytes reports, “we expect to see even higher gains in a full year-over-year analysis.”
Very sobering. Unfortunately, organisations such a medical facilities are more likely to be targeted, as they are more likely to acquiesce to demands given the alternative consequences. This surely must be one service that requires the most cutting edge cyber security and a strict training and education regime. Something that will be problematic to deliver for public bodies.