Patients falling victim to ransomware

Financial Times writes:

Apart from blackmailing patients to keep data private as in the Finnish case, hackers can also use data for identity theft…While businesses and organisations are affected by cyber attacks, it is ultimately patients who suffer. The WannaCry attack resulted in services being taken offline, forcing the delay or cancellation of healthcare procedures.

Alterations can be made to physical devices through cyber attacks that could make them unsafe, according to Howard Holton, an analyst from GigaOm, a technology research and analysis company. “If we look at the risk of an MRI machine, X-ray machine or dialysis machine, the potential damage to the patient is huge. Life-saving machines could also be turned into non-functioning devices, leaving patients without access to treatment,” he says, adding that such attacks undermine patient trust in the health organisations.

This is disturbing, to say in the least.

I think the bigger threat to healthcare organisations is going to from ensuring “data integrity”. For example, how do I trust the values reflected on the console of linear accelerator. How can I ensure that the values have not been tampered for radiation delivery? Those are pressing issues and requires a greater deal of vigilance. It is not the “problem of the IT team” or the “physicists” but a complete ownership of the system and ensuring an end to end compliance/audit.