Ransomware has become one of the toughest problems in cybersecurity and a threat to industries around the world. But it’s even more damaging when it hits hospital chains, causing trickle-down damage to patient care across the country.
One fine day, A lady Kelley Parsi took her 3 year-old son to a hospital with some serious conditions, she expected doctors to quickly treat him for pain and send him home. Instead, she says the trip turned out to be one of the scariest days of her life.
A computer system that automatically calculates drug doses was malfunctioning, the resident doctor informed her, and he mistakenly “gave him five times what was prescribed,” she said. She later learned that a cyberattack had taken down some of the hospital’s digital tools. She waited for hours and panicked as her son’s body processed the overdose.
“Due to the cyberattack, my son overdosed on pain medication,” Parsi said. He has made a full recovery, she said.
Ransomware, where hackers rob companies and organizations by holding computers and files hostage, has become one of the toughest problems in cybersecurity and a threat to industries worldwide. But it’s even more damaging when it hits hospital chains, causing trickle-down damage to patient care across the country.
MercyOne was hit by ransomware hackers in early October, part of a larger breach that caused hospital disruptions across multiple health systems, according to The Des Moines Register. CommonSpirit Health, a nonprofit health system based in Chicago, oversees 140 hospitals in 21 states; It was not clear how many of those hospitals were affected and declined to share the number.
CommonSpirit sold MercyOne, the hospital where Parsi took her son, to another hospital chain in September. But MercyOne and CommonSpirit still share IT systems, a CommonSpirit spokesperson told NBC News. Ransomware hackers often infiltrate an organization’s computer networks, then use that step to move on to other victims. This year, 19 large U.S. Hospital chains have been hacked with ransomware, said Brett Callow, an analyst at cybersecurity firm MCSoft.
Parsi’s hospital, MercyOne, declined to comment on her condition, citing patient confidentiality. “We are committed to providing safe quality care to all patients we serve in their time of need,” a spokesperson said in a statement. Ransomware attacks hit a variety of sensitive industries, but few, if any, cause as much damage as attacks on hospitals.
For Rachel Cupples of Western Washington, the CommonSpirit Health ransomware attack delayed an important surgery for weeks. After she went to the emergency room in late September for excruciating pain, doctors told her she had an ovarian cyst that needed to be removed quickly. But when she tried to schedule the procedure, Cupples discovered that her hospital wasn’t taking new surgery appointments because of the ransomware attack. She announced that, like some other affected CommonSpirit Health hospitals, she is having trouble scheduling new patients.
“I called and all their systems were down and they couldn’t schedule or do anything,” Cupples, 44, said.
“Nobody knew at the time how long it would last, or at least they didn’t share.”
Eventually, CommonSpirit Health brought its scheduling systems back online late last month, and Cupples successfully underwent surgery Thursday.
There has only been one credible public allegation of ransomware, which resulted in one person dying in hospital. An Alabama woman is suing her hospital, which is not affiliated with CommonSpirit Health, after her newborn baby died and she failed to disclose it was providing risky care because of a cyberattack. A study last year from the federal Cybersecurity and Infrastructure Security Agency found that hospitals hit by ransomware experienced greater stress, which often correlated with higher patient mortality rates.
Parsi and Cupples say hawkers, not hospitals, are to blame for their pain from delayed care.
“It’s not the doctors. It wasn’t the medical receptionist or any of them,” Cupples said. “They really did their best.”
Megan Stifel, chief strategy officer at the Institute for Security and Technology, U.S. A think tank working to improve cyber security policy shows how ransomware infects hospitals with criminal hackers.
“If you take a hospital system offline for a few days, there’s a tremendous backlog,” Stifel said. “How much do we need to get people’s attention to say this is a real problem? It affects human life.”