by James R. Campbell
Few, if any of us, can forget the massive data breech at Target stores during the 2013 holiday season. It was reported by all of the major news outlets just after the Thanksgiving holiday that year. Viewers were horrified to learn that credit and debit card information was compromised. Many were afraid to shop at Target stores as a result. Target spent. Millions to set up safeguards in order to protect customers. The cost: $148000000. This expense was necessary in order to ensure that the credit and debit card information of the customers wasn’t subject to future compromise.
The hackers who did this were rumored to be from another country outside the borders of the United States. Hackers are notorious for being difficult to trace, which makes the risk to the rest of us greater than it would be otherwise.
If you think that is bad enough, take stock of recent news reports concerning another trend that is emerging. This latest episode of international chicanery is far worse than anything that has happened so far.
The latest target—hospitals. On March 30, 2016, Lester Holt of NBC reported on two such episodes, the hacking of Med Star Health group, a large group of hospitals based in or near Washington D.C. The hospital’s records were subjected to ransomware. This is a virus that locks the hospital out of its computer system until the hospital pays a certain amount in bitcoin, in this case, roughly the equivalent sum of $19000. The second case was the ransomware hacking of the Hollywood Presbyterian hospital. The hackers demanded $17000 for the release of the computer’s information. The police who investigated advised the hospital not to pay because the hackers would be encouraged to do the same thing again
But what choice did the hospital have? What would have happened if the hospital had not paid the ransom and then lost the data as a result?
Hospitals are becoming a favorite target of hackers due to the pressure to digitize their records. If the hospitals computerize the records, they save space, and in most cases, make the patients’ charts easier to work with. As a recent veteran of a number of surgeries, medical tests, and hospital stays since my accident in 2014, I know enough about the convenience of digitized records. The clerks can go to a computer screen and find a chart that would otherwise be hidden in a filing cabinet. The computers save time and effort for the staff.
If the hospital’s computers go down, the pharmacy can’t keep up with the latest lab reports, check for medication allergies, or other medications a patient may be taking. Nurses can’t scan the medications or a patient’s name from the wrist band in to the system to ensure that they are giving proper treatment. If the hospital reverted to the use of paper records, those records might be discarded by mistake by a doctor or nurse.
The down side, hackers can break in to a system and steal the information, or hold an entire hospital hostage, as in the Hollywood Presbyterian case. Fortunately, the hospital resorted to the use of hard copy (old-fashioned print records) to save the day. As backward as it sounds, it isn’t a bad idea to keep print records in order to safeguard the lives, and health of the patients in the hospital’s care.
Hospitals are always chasing the latest medical innovations, but are rapidly learning that taking care of the sick means protecting their sensitive data and technology when hackers strike. According to hospital administrators and security experts, this is a security threat that hospitals are unprepared for.
Due to the fact that hospital security systems are not as mature and advanced as those of banks, for example, who spend one third of their money on increased security, the networks of hospitals are increasingly vulnerable to hackers who don’t care about the patients at the other end, so long as they get their pay-out.
The police have a very valid point; if the hospitals pay the hackers, then this encourages the same behavior. It is extortion, plain and simple. Not only that, if a patient dies as a result of this activity, then it’s murder. In my mind, it is just another form of terrorism, the threat that is posed justifies the classification.
The challenge is multifaceted: for one thing, it requires hospitals to invest in top notch antivirus software, and the technical experts to make sure this software is up to date. This is added expense for the hospital districts, who spend less than three percent of their budget on security. Hackers will go where the money is and where the safe is the easiest to crack.
Hospitals are investing more time and effort in training their staff to be careful with the e-mails they open. As for all of us, do not open e-mails that look unfamiliar or that are unexpected. Some hospitals are putting stickers with reminders on cookies and salads in the cafeterias. A small price to pay considering what we face.
Another expense comes in the form of the funding for cybercrime experts to block, and then trace the perpetrators who are doing this. First, it requires international cooperation, and the money for the expenditures to find and prosecute these people. If we apply the terrorism laws, which we should, then life sentences would be a requirement, hard labor with an eye toward restitution. Another condition: the hackers would be required to share their expertise with cybercrime specialists in order that their knowledge might help deter other incidence like the ones we have heard about.
One unnecessary death from this kind of international chicanery is one too many, we can’t afford one more dangerous trend. .Once again, thanks for your time.
About the Author
James R. Campbell, 61, is poet and writer living with total blindness. He has a Bachelor’s in psychology. He has written articles for the Matilda Ziegler Magazin and Consumervision. A a member of Behind our Eyes, Campbell has three poem collections on CD. They can be downloaded at Recordinglibrary.org. In his free time, he likes cooking, playing harmonica, reptiles, and keeping up with current event.