From the Citizen’s Council for Health Care Freedom e-newsletter:
Hacker attacks using ‘ransomware’ endanger patient lives. Recent attacks on electronic health record (EHR) systems have disabled hospitals full of sick and dying patients.
Under this digital extortion scheme, hackers infect EHR systems with malware that locks down hospital computers and then demand Bitcoin ransom payments to decrypt the data. In 2014, ransomware thieves extorted $27 million in just six months. Some IT experts worry ransomware could be the downfall of health care. Hospitals are particularly vulnerable to these crimes:
“Without quick access to drug histories, surgery directives and other information, patient care can get delayed or halted, which makes hospitals more likely to pay a ransom rather than risk delays that could result in death and lawsuits.”
EHRs are used to order treatment, deliver care, monitor patients, track physician decisions, and conduct financial, coverage, and administrative functions. EHRs are not computerized versions of your paper medical record, and are therefore much more valuable. The most recent of the 10 ransomware attacks we’ve heard about are:
- Alvarado Hospital Medical Center, San Diego, CA – this week
- MedStar Health (10 hospitals, 250 outpatient clinics) – last week
- Prime Healthcare Services, 2 hospitals – March 18, 2016
How did we get here? In February 2009, less than one month after Obama’s inauguration, Congress passed the American Recovery and Reinvestment Act (ARRA), which included a mandate that all clinics and hospitals adopt and “meaningfully use” a government-certified EHR or face financial penalties (reduced Medicare payments). This mandate was considered the foundation of Obamacare. But as HIStalk reports:
The transition away from paper records to digital systems has helped hospitals become a hacker’s sweet spot.
The reason, according to one expert, is that the new EHR, filled with financial information, “can be a source of monetization.” The following federal chart shows the growth of EHRs between the 2009 passage of ARRA and the January 1, 2014 “implement or be fined” date:
In the midst of these dangers to patients and privacy, health care costs are rising to pay for the unfunded EHR mandate…and to fund the ransoms necessary to reclaim hijacked EHRs.