For many of us, the idea of a cyberattack is something we associate with the risk of a data breach, identity theft, financial fraud, etc. One thing we don’t usually consider being a consequence of a cyberattack is death. Unfortunately, it appears that someone may have died, in part, due to a cyberattack on a hospital. You can get more details from this article at ZDNet, but essentially, a woman in need of emergency medical care had to be rerouted to a different hospital because the nearest hospital was in the middle of dealing with a ransomware attack. German police say that if it is found that her death was directly attributable to the delay caused by the ransomware attack, they will turn it into a murder investigation.
Cyberattacks on hospitals are not a new concept. They were making headlines last year. But, even the best planning may not prevent you from having to pay as was the case for one hospital mentioned in these article from Absolute.com and CNBC.
While ransomware attacks on any business can be problematic, the fact that they can create a life or death scenario for hospitals means serious preparation is needed to avoid a crisis. Doctors/medical providers are necessarily concerned about the care of their patients and their own reputations. While a doctor does not absolutely need medical records to be able to treat a patient, there is a great deal of risk involved trying to treat someone without knowing all the facts. There is also a risk that patients will suffer if the doctors wait until the records are available to treat. Time-sensitive health issues further complicate this for doctors. From a patient’s perspective, this causes them concern about whether they are going to get proper treatment, it also causes them stress wondering if they will be able to get timely treatment, and whether they can trust the providers and hospital with their life. All of this means more healthcare costs as hospitals and providers finds way to address the issue.
This should serve as a reminder to all businesses about the importance of cybersecurity. Have you thought about the worst-case scenario if your business gets hit? Do you have a plan in place for dealing with the inevitable cyberattack? If not, there’s no time like the present to create a cybersecurity incident response plan. A small investment now could save you big time down the road and may even save a life.