Ransomware attacks are well recognized as causing an increasing number of disruptions to health care services as well as steep economic losses, but their impact on patient health outcomes has been less easy to determine.
A suspected ransomware death.
A report published recently in the Wall Street Journal details the potentially fatal effects of cyberattacks. “A Hospital Hit by Hackers, a Baby in Distress: The Case of the First Alleged Ransomware Death” (subscription may be required) describes a lawsuit contending that a child born at an Alabama hospital in 2019 during an eight-day cyberattack subsequently died because the building’s disabled computer systems prevented staff from properly caring for the infant.
A Becker Hospital Review post last week further highlights the reported links between cyberattacks and patient outcomes. It describes the above lawsuit, as well as findings from studies by the Ponemon Institute and the Cybersecurity and Infrastructure Security Agency, that suggest a link between such attacks and increased mortality rates.
A primer on cybersecurity.
The threat of a cyberattack to a patient’s health, finances, and privacy are detailed in this month’s feature article, “Preventing Medjacking,” by Veneine Cuningkin, DNP, RN, Elizabeth Riley, DNP, RNC-NIC, CNE, and Larronda Rainey, DNP, RN.
The authors begin by asking nurses to conceive of scenarios that until recently would have been unthinkable. For example:
“Imagine the medical device your patient relies on daily suddenly malfunctions. A pump, say, that abruptly stops injecting the appropriate amount of insulin because it’s been hacked. An unauthorized user has gained remote access to the patient’s device, preventing the administration of essential medication.”
Prevention and damage control.
The article focuses on medical device cybersecurity, the risks and consequences of compromised medical and personal data, and what nurses can do to guard against security threats and educate patients. This includes practical strategies and recommendations, including National Cyber Security Centre criteria for patient passwords, which should:
- not be common names (family or pet)
- not be used for another account
- be generated and stored by a password manager
The best protection against cyberattacks is knowledge and prevention. For this reason, the authors say, it’s important for nurses to talk to patients about their devices, basic security measures (such as password protection), and the way they connect to the Internet. Nurses should ask patients, for instance:
- when their medical devices were last updated
- which type of network (public or private) they use to connect to the Internet
- how they determine if a network is safe to use
Anyone who relies on a medical device is at risk.
Many patients are unaware of their cybersecurity risks and tend to believe hackers focus only on vulnerable populations. Yet, they note, “anyone who relies on a medical device can be the victim of a cyberattack.”
To prevent this, they recommend nurses extend patient education beyond its traditional scope:
“When patients receive a medical device, nurses are obligated to show them how to look for the signs and symptoms of infection and equipment malfunction, especially with implanted devices. Patient-centered communication sessions should also include hands-on demonstrations and meaningful conversations about a patient’s cyber ‘health.’”
Read “Preventing Medjacking” for free until November 1.
Comments are moderated before approval, but always welcome.