The way hospitals respond to a cyberattack can result in a slower response to critical heart patients.
After an attack, corrective actions to improve security in hospital information technology systems may “disrupt care processes” and reduce the quality of care, according to a study published by researchers at Vanderbilt University and the University of Central Florida.
Krebs on Security, a site that covers cybersecurity issues, first reported on the study.
As a backdrop to the study, PBS NewsHour, which also wrote about the research, cited Gillette, Wy.-based, Campbell County Health as an example. In September, Campbell County suffered a devastating ransomware attack that brought down its computers, affecting the main hospital and a number of clinics.
The research measured the time it takes a patient suffering a possible heart attack to get from the emergency room door to the electrocardiogram (EKG) room to get a reading. It also measured the 30‐day mortality rate for heart attacks.
The time to an EKG “increased by as much as 2.7 minutes after a data breach, and this lag remained as high as 2 minutes even after three to four years,” according to the PBS report, which interviewed the study's authors.
Additionally, “as many as 36 additional deaths per 10,000 heart attacks occurred annually at the hundreds of hospitals examined in the new study,” the PBS report added.
Nevertheless, Adam Kujawa, director of Malwarebytes Labs, a cybersecurity company, says that large organizations with critical services running on computer networks still need to be extra cautious in the face of the rising rate of ransomware attacks on hospitals and schools.
“We tell org[anizations] that they need to identify the [juiciest] data on their networks to put behind additional security,” Kujawa told Fox News in an interview.
Not having robust security could also have serious consequences for patients who would be cut off from access to critical services for days or weeks after a ransomware attack.
“It is also important that hospitals do not shy away from enhancing their security," Brett Callow, a spokesperson at Emsisoft, a firm that makes cybersecurity software, told Fox News. "Not addressing security weakness could negatively impact patient care and outcomes [too].”