“Ransomware forces 3 hospitals to turn away all but the most critical patients”

Just yesterday, I experienced my first “technical” barrier to patient care when our chart system prevented us from documenting plan of care. It affected our hospital network (several hospitals) for all OTs and PTs. There was no alternative way to chart. This was nothing compared to the hospitals affected in the article. My prediction, this type of event will occur more frequently. Just recently, a school was shut down for several days due to computer malware or infiltration!

Contents Hide

1 What Is Ransomware?

What Is Ransomware?

Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website. Ransomware can be devastating to an individual or an organization.

Prevention

The best way to avoid this at work is to do only work-related things. The most likely vectors of attack are when users visit other websites. Trustworthy websites such as .gov should be safe, but use your best judgment when visiting others. I would definitely not click on a random link on facebook on work computer (if I even used facebook at work). Why? IT could trace it back to you if the entire system goes down, and I would not want that on my shoulders.

E-mail is another possible vector of attack. Look for suspicious phrases in the subject/body of the e-mail, bad actors impersonating others, and most importantly, think twice before clicking on a link in an e-mail. If possible, analyze the URL of the link you are clicking on and look for anything suspicious. For example, if a link only has numbers (IP address) instead of a well-known domain, it should raise red flags and be forwarded to IT for analysis.

Of course, remember to log out when stepping away even if only for a second.

Backups

This is more for IT, but is relevant for the end-user as well. Does the system have nightly backups, for example, that can roll back in case of an attack? This can get tricky with healthcare information, as it relies on up to date information, but it is better to have some information than no information. Backup EMR, if it even exists, should be implemented. As a last resort, consider paper. Some settings still use paper charts, so it may be a good idea to implement a way to transition to paper chart in case of downtime. Yes, it will not have the most up to date information, but is better than nothing.

Education & Drills

Backups can be great, but just like other disaster preparedness (fire drills, earthquake, active shooter), they should be tested. Employees should know what to do (knowledge), but also demonstrate their competency in case the system goes down.

My first week of employment saw a TEN DAY computer system outage. The system was actually only down for about a day, but the remainder of that time was spent validating the data that was restored. (LINK)

I predict that at some point or another in your career, this may be more of a reality in your workplace. And it may not just be a 1 day thing, the system could go down for weeks, months and guess what this affects? Your patient’s wellbeing and even your paycheck!

Regulation???

This subject popped into my head and I am not even sure if I would personally support it. However, there should be some type of accountability or external pressure for hospital systems and their IT to implement and execute measures to prevent, practice, and handle situations that result in network downtime. A prime example of this is the Equifax breach.

The thieves spent 76 days within Equifax’s network before they were detected. According to the report, the hackers stole the data piece by piece from 51 databases so they wouldn’t raise any alarms.

Equifax didn’t know about the attack until July 29, more than two months later, and cut off access to the thieves on July 30. (LINK)

Companies should pay more attention to their IT because it is literally the most important backend that runs their business. This has an effect on the entire population.

DISCLAIMER

All information provided by OT Dude is for educational purposes only and must never be considered a substitute for medical advice provided by a physician or other qualified healthcare professional. Always seek the advice of your physician or other qualified health professional with any questions you may have regarding a medical condition. Our content does not replace the relationship between your physician or any other qualified health professional.

OT Dude is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.

OT Dude does not offer a substitute for professional legal or tax advice. If you have questions about your tax liability or concerns about compliance, please consult your qualified legal, tax, or accounting professional.

OT Dude does not make any warranty or guarantees with respect to the accuracy, applicability or completeness of accessible content. Under no circumstances will OT Dude be responsible or liable in any way for any content, including but not limited to any errors or omissions in the content or for any direct, indirect incidental or punitive damages arising out of access to or use of any content made available.

All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them. The content presented or generated by OT Dude are either my personal views or derived from an external resource and referenced when possible.

Affiliate links or relationships will be disclosed if there is any compensation for products mentioned on our site.

Ads are displayed throughout this website to provide you with free content. OT Dude does not endorse the companies, products, or services displayed in these ads.