Hospitals Under Attack From Malicious Computer Viruses
It is easy to think that the only cyber risk facing hospitals’ or physicians’ offices has to do with data loss. A lot has been written on how medical facilities are attractive to hackers because of the sensitive personal data that’s stored on their computer systems. But in the latest edition of MPL News we focus on an emerging issue that’s received far less media attention - and one that can cause actual physical damage and potentially endanger patient safety: cyber attacks.
Malware that interferes with the control of industrial machinery, equipment or systems is relatively widespread with frequently reported incidents focused on utilities and nuclear facilities. But hospitals are also vulnerable and the Department of Homeland Security recently revealed that four healthcare facilities were subjected to cyber attacks in 2012.
Hospitals are arguably "soft targets" because a cyber attack can cause a lot of damage quite easily - either through the use of malware or direct hacking. That’s partly because computer-controlled devices in healthcare facilities can remain in use for many years and end up running on outdated, more vulnerable software.
Examples include more than 40 viruses infecting such devices as X-ray machines and lab equipment in over 300 VA hospitals. In another case, the so-called Conflicker virus reportedly infected 104 devices at the James A. Haley Veterans’ Hospital in Tampa, Florida over a three-week period, including mammography viewing equipment and a Siemens gamma camera for nuclear medicine studies.
Perhaps more worrying is the possibility of surgical devices, such as ventilators and drug infusion pumps being accessed remotely, via the Internet. Research by the FDA has found that such medical devices are vulnerable and that there have already been many cases of malware infection, it said.
Clearly, such emerging risks are important in the context of liability coverages: So don’t hesitate to contact us if you want to find out how your policies could be impacted.
Read our full publication for more on cyber risk and medical facilities.