Posted on 08/04/2023 8:01:54 AM PDT by ChicagoConservative27
Hospitals and clinics in five states are facing disruptions due to a cyberattack Thursday that forced some emergency rooms to close.
The attack began at facilities operated by Prospect Medical Holdings. The company’s facilities in California, Texas, Connecticut, Rhode Island and Pennsylvania were affected by the cyberattack.
“Upon learning of this, we took our systems offline to protect them and launched an investigation with the help of third-party cybersecurity specialists,” the company said in a statement Friday.
(Excerpt) Read more at thehill.com ...
I have worked for decades in Healthcare IT, and as you can guess, I have very strong feelings on this. When I posted above at #6, I was in no way hyperbolic or exaggerating for effect.
I have been on vacation for several weeks (first time in nearly thirty years I have been able to do that) and when I saw this title, my heart went into my throat as I scanned the affected regions.
I am posting this because many people are unaware of the threat specifically faced by hospitals.
For those who are unaware, ransomware attacks are the preferred choice of professionals now against hospitals. We are constantly on guard for a host of other types of vulnerabilities, but ransomware attacks are the ones that cause us to lay awake in bed in the dark of the night, and send chills down our spine when we hear of a threat or attack.
They attack hospitals because...they are the most vulnerable to being preyed upon for profit. Many hospitals have paid to resolve the ransomware attacks, because they have to.
And ransomware attackers know this.
There was a hospital in the last several years in my region that was hit with a vicious ransomware attack. They were generous enough to share their experience with people in healthcare, and I was invited with dozens of other people to take part in a videoconference where they discussed it in detail.
The ransomware attack not only encrypted their database and other key components, it sought out backups, and encrypted those too. And it also attacked their network and took that down, IIRC.
In a flash, they were taken back to a time when hospitals used paper requisitions for procedures and had no easy access to prior medical imaging, and no way to view or share current imaging. Their digital dictation was also taken down.
There was no workable “downtime procedure” to prepare them for that scenario as all who listened well understood. It put them out of commission for months, and last I heard and got caught up in my own affairs (and thus did not follow further) they were still not fully back online.
They said it was like the zombie apocalypse, in the beginning, they had to lock the doors to the rooms where the physicians were working to allow them to work, while other clinicians assembled in a group outside the door waiting for test results.
As they discussed it in terrible detail, you could hear the awful emotion in their voices. That experience left a mark on them, knowing people were depending on them to find a way to provide care on the fly, some of them depending with their lives. (I believe they were the only Level I trauma center in the state, so they couldn’t divert to another hospital on many things as might normally be done in an event like this)
My team members who were on that call were similarly affected, and we determined that we were going to find somehow, some way to function, at some level if we ever fell prey to it, but the problems of doing this are so huge in the modern medical environment, and so costly, that we have been unable to do more than discuss prospective solutions. One of my team has written a rudimentary order entry system for our department that we can put on a server off the network that will allow us to place “orders” for tests, put results on them, and print them out to a printer connected directly to the server. We still have not solved image storage and distribution in this situation, but that will likely involve a completely offline system with multiple workstations connected for image interpretation for more than one physician. All bypassing the data closets, or possibly using the same networking wiring to the closets without the advanced switches and such in the closets, because the ransomware attack took those down as well, IIRC.
It is easy to be an observer and say “they should have done this, and they should have done that” but the fact of the matter is...if all these things, visible or not, that we depend on to function go down, your options narrow quite dramatically. And to plan this stuff, for a total disablement of modern infrastructure that depends on networks and communication, is nearly impossible, especially in a healthcare environment. It takes time, money, and resources.
This is something we should all keep in mind. Nobody thinks this will happen to the Internet where everyone is knocked offline. Impossible, they say. Too much redundancy, they say. But if we have a major EMP event, man-caused or naturally caused (similar to the Carrington Event of 1859) the entire world is going to be in big trouble.
My wife and I were observing a trio of young college age students in a very rural college, videoconferencing at a coffeeshop, all of them glued to their phones, communicating and generally completely unaware that there was a world all around them, never mind the person sitting a foot away in their group. I understood their desire to live a different type of human experience, but at the same time, had the sinking feeling that if we did experience a major EMP pulse because of a massive solar storm and the entire Internet went down, people like these kids would be like bugs, on their backs, their legs wiggling helplessly in the air.
We have done so much, to make various forms of knowledge (ranging from fixing a kitchen sink to records of ancient civilizations) available at the touch of a finger, that if technology were removed, we might lose access to ALL of that, as the “hard copy” is thought by many to be unnecessary. I know of large businesses that have completely ignored the concept of “hard copy”.
Honestly, it frightens me a bit.
We all need to be aware of this possibility, and I think the overwhelmingly massive groups of people in developed countries are simply totally detached and unaware of this terrible possibility.
It is disconcerting, and very sobering.
And that is one reason, that we have become so utterly dependent on technology, that I feel that hacking needs to be addressed severely and head on.
There was once a time when piracy was endemic. If you traveled the seas, you had to be aware of any unknown ship appearing on the horizon, because the pirates you would encounter are nothing like the pirates you see romanticized in Hollywood today.
There is a reason we only really see piracy now in places like the Horn of Africa or the coastal seas of some Asian regions-because the world decided to deal with piracy uniformly and severely, to the point of displaying the bodies of convicted pirates in cages at the entrances of harbors around the world, coated in tar to preserve them.
We need to do the same to hackers, and severely punish countries that openly tolerate that activity.
> They attack hospitals because...they are the most vulnerable
Everybody cries victim. I have zero pity for the medical industrial complex. If they paid for competent IT staff to architect and implement systems instead of diversity enforcement directors it could be far less of a risk.
But, you know, priorities.
You are welcome to entertain your own opinions. This specific discussion ISN’T about what is good or bad for any healthcare facility.
It is what is good or bad for the patient.
FYI, the word “vulnerable” wasn’t referring to the crying victimhood of some hospital that may or may not have prepared itself against an attack, as you seem to have in your view.
The use of the word “vulnerable” is used in this specific discussion in the same way a ship without air defenses in war is vulnerable to an attack from the air.
Do you understand that difference?
Going cheap on security leaves one vulnerable. I understand that.
Patients are the ones caught in the "without air defenses..." situation.
Okay...I didn’t want to misunderstand you.
By the way, I am not in any way defending healthcare with respect to wokeness. It is one of the singularly MOST woke sectors of the economy there is, and it has caused me a GREAT deal of anguish and disillusionment.
I believe it HARMS patient care and makes it more expensive. In that, you and I are on the same page I believe.
Exactly right- and suddenly we’re improvising and trying to adapt. It never lasts too long, but suddenly staff are walking everywhere, lab, xray, central supply etc. because they can’t access information without the software or phone system. 21st Century technology is not always reliable.
thanks
Thank you for taking the time to lay out the details. It is a huge deal when a computer system in a hospital goes down. It’s not so easy to just go back to paper. Younger nurses have little experience with that. They are trained and geared toward that. Moreover the baseline is zero. The relevant data went down with the computer so there is nothing to refer to. The chart starts at zero. You may not even have a patient’s name let alone a diagnosis. People who haven’t worked in a hospital are clueless
You laid it out shirt and direct. Thank you
I can tell you, it is well nigh impossible. You don't even have the five part carbon copy exam requisitions, hand-held tape recorders or anything like that on hand.
I have had to arrange something similar in short term for an isolated system, but never everything at once.
Just, Damn.
I try not to ponder these situations to often
I wish I didn’t have to.
I am getting close to retirement, and the stress of those situations, when there is a patient having a stroke in the ED and you have to get a result ASAP because it may make the difference between losing some function in a hand or foot and losing an entire side of a body completely...the stress is off the charts.
I feel it, and over the years, it has taken its toll on me. I like what I do and I love the team I am on, but the stress is leaving a mark on me.
It is why my daughter did get masters and is a family practice NP. She still has patient contact but without the horrors of the hospital. Ten years as an IVU nurse convinced her
It takes it out of you that’s for sure. Enjoy your retirement
LOL, when I get there, FRiend, I mean to!
Thank you- you’ve laid out the situation clearly. In my hospital when our phones are down or various software apps are out it’s a nightmare. The snowball effect is in full force. If a doc can’t access STAT test results they’re unable to even consider the next treatment options for the patient. And that’s just one example. Scary. Really scary.
Ywo words: paper files.
🤗🤗🤗
What is scary is that is isn’t just that way in hospitals...every walk of life is unprepared to be fully offline.
But you, working in healthcare, know EXACTLY what I am talking about, don’t you?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.