Do you trust your life (or even just your leg) to your IT staff?
The information technology experts at Frontier IT in Colorado Springs suggest you grab some dark chocolate-drizzled popcorn (or whatever your munchy of choice is) and check out a recent episode of CBSN: On Assignment titled “Cyber Soldiers: Who protects your information?” for a fascinating look at the world of white- and black-hat hackers — more specifically, hackers who target hospitals and medical devices.
The episode — you can find it here — is a quick watch, at just under 12 minutes. CBS News’ Reena Ninan takes viewers on a journey that starts in Mumbai, India, home to one of the world’s top white-hat hackers, and weaves its way to an upstate New York hospital, the patient data of which was rendered inaccessible for six weeks when cyber criminals took it ransom earlier this year.
“All the screens were black, all the computer screens were turned off,” Dr. Jennifer Pugh, who runs the ER at Erie County Medical Center, a level-one trauma center, told Ninan. “Everything we had normally used was essentially unplugged.”
The hospital chose not to pay the $44,000 ransom demanded by hackers. Just how did it regain access to its data — and cope in the meantime? We won’t spoil the ending. You’ll have to watch for yourself.
The episode makes several frightening, poignant points.
- On average, hackers make 10-50 cents per credit card number obtained illegally — but a whopping $30-500 per medical record.
- There were nearly 4 billion cyber attacks last year, up more than 600% over the year prior.
- Hospitals, doctor’s offices and other medical businesses have become black-hat hackers’ victim of choice, given the lucrative ePHI, or electronic personal health information, they possess.
- Hacking a medical device is truly possible. A group of white-hat hackers demonstrated this for viewers by breaching a vitals monitor hooked up to Ninan. Ninan disconnected from the monitor, causing it to flat-line and alarm — but only on her end. Once hacked, a separate monitor that would have been visible to nurses at a nursing stationed failed to alarm and, in fact, showed a healthy, consistent heart rate.
“The nurse has no idea that I’m practically dead?” Ninan asked.
“The nurse has no idea that your heart has stopped beating,” a white-hat hacker replied.
- The thought of a hospital’s ePHI held hostage is scary enough. But, as an IT expert interviewed by Ninan points out, “Imagine that physicians … came in one day and found that medical data, instead of being encrypted, was wrong. Prescriptions, allergies, which leg to amputate — imagine you didn’t know which data was wrong.”
It’s possible that hackers take this approach instead, the expert said.
“I think it gets a little scarier from here.”
This is the stuff of nightmares, right? It certainly is for patients (read: all of us, at one point or another), no less those who own and operate businesses in the medical industry. And it’s especially frightening for those who run small clinics with limited resources.
What’s such a person to do?
The information technology experts at Frontier IT recommend this: Contact a reputable managed service provider, or MSP, that can offer you the IT services your business needs (like disaster recovery planning and server/network monitoring) in an affordable, à la carte fashion.
If you’re looking for guidance, reassurance, peace of mind and expertise when it comes to the cyber security of your clinic and its infinitely valuable data, drop Frontier IT a line today. They’d love to learn more about what you do and how they can come along aside you to ensure the success of your business.
After all, lives depend on it.