One of the most important technological advances of the 20th century was the creation of the internet, which changed many aspects of our everyday lives for the better. However, the enabling nature of the internet means that people can use the internet to perform malicious activities, one of which is distributing ransomware. With the increasing adoption of digital hospital records and the introduction of computerized order prescription systems, ransomware may pose a serious threat to people’s lives.
Ransomware is a type of malware, a piece of software that secretly installs on a computer and disables a user’s access to files stored on its hard drive. While I knew about the existence of ransomware before, I was surprised to learn that hospitals and other public organizations became the victims of cyber-criminals. Indeed, one would think that due to the sensitivity and importance of the information stored in digital medical records, hospitals would implement strict security measures to protect its systems from ransomware. However, the news report by PBS NewsHour suggests otherwise.
There is no denying that computerized medical records and order prescription systems have numerous benefits. In fact, in the previous video, such technology was described as one of the components of the improved healthcare safety net. However, the implementation of such technology in a hospital setting requires special attention to be paid to security protocols. Personnel should be forbidden to download any attachments from third-party emails, and USB-drives on hospital PCs should be locked for security reasons. Ransomware can only be installed by the user; it is just that the user is sometimes not knowing that the attachment they download is ransomware. Another security measure is disabling administrative rights on hospital PCs, thus eliminating the opportunity for any malware or ransomware install.
I do not believe that hospitals and police departments are specifically targeted by criminals. At 5:50 mark the narrator says that criminals cast a wide net in the hope some inexperienced user will download and install malware (“Ransomware attack takes down LA hospital for hours”). Typically, public organizations have strict security policies and do not allow employees to download and install any files. Some organizations even have company-wide firewalls that block any download and installation attempt or require special authorization for the installation to begin. As such, I believe that while UAE hospitals might be at risk, the risk is quite low and can be minimized through comprehensive security measures. As such, the issue at hand is not the ransomware, rather, the irresponsible hospital management did not establish security measures to protect its systems from malware.
It is also important for personnel to understand the risks. While implementing computerized medical records and order prescription systems managers should educate personnel about the consequences of downloading attachments from third-party emails, and doing any other activity which might compromise system security. Strict policies should be established, and random security checks organized to establish high levels of security.
Hospital information systems are an emerging technology and as with any emergent technology, its implementation may come across some roadblocks. One of these roadblocks is ransomware and the issue of security of these systems in general. While there is no doubt that digital medical records are the future of healthcare, their benefits will quickly become obsolete if comprehensive security measures are not followed to protect the patient data.
Works Cited
Ransomware attack takes down LA hospital for hours 2016. Web.