[Skip to Content]
[Skip to Content Landing]

Episode 3: Impacts and Consequences of a Cyber AttackCybersecurity for the Clinician

0.25 Credit

This “Cybersecurity for the Clinician” video training series totaling 47 minutes among eight videos explains in easy, non-technical language what clinicians and students in the medical profession need to understand about how cyber attacks can affect clinical operations and patient safety, and how to do your part to help keep health care data, systems and patients safe from cyber threats. Episode 3: Impacts and Consequences of a Cyber Attack, describes how large-scale cyber-attacks (such as ransomware attacks) negatively affect patients and health care providers.

Sign in to take quiz and track your certificates

The AMA Ed Hub™ is a unified education portal that provides a personalized experience for physicians and their care teams to keep current, increase their professional satisfaction, claim continuing education credits and continuously improve the care they provide–leading to real world outcomes of better healthcare and better health for their patients. Learn more

Video Transcript

[00:00:00] Christian Dameff, MD: Welcome back to our Cybersecurity for the Clinicians series. I'm Dr Christian Dameff, practicing emergency medicine physician and medical director of cybersecurity. In this episode, we'll talk about how cyberattacks can impact your organization, your clinical care, and patient safety. And we'll highlight a few real-world incidents that disabled health care delivery in organizations both large and small.

[00:00:29] Patients trust us with their lives, but do we protect them from cyber threats? What happens if they're being treated when a hospital suffers a debilitating cyber attack? How does your organization respond? What do you do? What are all the things that can happen? And just as importantly, what are all the things that get stopped from happening?

[00:00:51] So let's take a look at some recent high-profile incidents. You've heard of ransomware. Hackers locking up the data, IT systems, and other technology in a hospital system until the victim pays them a ransom. This is now, unfortunately, a common feature of health care systems these days. Consider this: Separate ransomware attacks in 2017 against health services in the United Kingdom, and in 2021 against the Irish Health Service, forced emergency rooms and other health care organizations to temporarily turn away patients. In the United States, a single ransomware attack affected over 400 health care delivery organizations, many of which were already under significant strain as they were located in COVID-19 hotspots.

[00:01:37] In May of 2021, a health care system was hit by a ransomware attack that exposed health records of an estimated 144 000 patients. The attack affected scheduling of appointments and knocked other critical systems offline. For most of that entire month. In addition, without access to critical IT and communication technology, the system was forced to reroute stroke and heart attack patients from four of its main hospitals.

[00:02:04] Trauma patients could not be accepted at two of its facilities. They had to be rerouted to other regional health care systems that were not prepared for the surge. The hospital system said it took four weeks to recover from the attack. And finally, there was a ransomware attack at one of the largest health care providers in the United States, which operates 26 acute care hospitals, 330 behavioral health facilities, and 41 outpatient facilities.

[00:02:31] The attack resulted in $67 million in pretax losses due to the cost of remediation, loss of acute care services, and other expenses. Losses sustained as a result of the attack are expected to exceed $113 million.

[00:02:47] Think about this: health care professionals understand the importance of handwashing when it comes to mitigating the spread of diseases.

[00:02:55] The same is true for good cybersecurity practices. Mostly simple things that we can all do to reduce the risk of cyberattacks and data breaches. Without good cybersecurity policies in place, and without simple training for you, the clinicians, cyberattacks will disrupt your ability to provide lifesaving care.

[00:03:15] Let's look at more ways that cyberattacks can affect us. Medical devices can stop working or their settings be corrupted so that they actually are dangerous to the patients. Strokes, trauma, cardiac, and other services can be closed for admissions. Radiation and other treatments for cancer patients, including surgery, are delayed.

[00:03:36] Medical records about prescriptions, diagnoses, and therapies become inaccessible and some may be permanently lost. Research or lab clinical trial data can be lost. Payment systems are down. You're unable to order and receive supplies. You've moved to a paper system temporarily, which causes enormous time lags, inefficiencies, and errors.

[00:03:59] Staff are furloughed. In addition to the obvious impacts on direct patient care, A cyberattack can impose on hospitals or health care providers other risks, such as: a damaged reputation, lost patient trust, lawsuits, regulatory penalties, reduced stock value, and strained employee morale and burnout. It is tough stuff.

[00:04:22] Cybersecurity is no joke, because the online world is so interconnected. Everyone is a target, including you. If just one of your accounts gets breached, criminals can use it to breach others. Criminals may target personal accounts and data in order to breach corporate accounts and vice versa. Fraud and identity theft doesn't just affect an individual. It can affect your family, friends, coworkers, patients, and businesses.

[00:04:51] If a malicious hacker has your name, address, social security number, and date of birth, they can steal your identity. With this information, criminals can now open new accounts, purchase big ticket items, and take money out of your bank account.

[00:05:05] Because of this, identity data is tremendously valuable. So what can criminals do with your medical identity? This includes the identity information I mentioned, plus your insurance card and health care data. Using this, a hacker can use your insurance card to obtain free medical care, obtain drug prescriptions, or submit false medical claims.

[00:05:27] Unlike a credit card, these medical claims don't have a credit limit. Instead, if something is deemed medically necessary, the expense will be reimbursed. Hence, criminals can make a great profit. Medical identity theft is not a victimless crime. If someone obtains medical care under your name, this care may appear on your record.

[00:05:46] Cleaning up such problems costs around $13 000 on average. It requires a lawyer and is complicated by HIPAA privacy rules. The bigger numbers are staggering. In one year alone, between 2020 and 2021, the health care records of more than 44 million individuals were breached or compromised.

[00:06:06] So have I scared you by now?

[00:06:08] Well, my hope is not actually to scare you, but to empower you, to give you the basic knowledge and awareness that you need to understand that you have a role in protecting your organization and your patients. And of course, it isn't entirely up to you. It's a team effort led by your information security and IT people.

[00:06:25] If you pass them in the hall and have a question about cybersecurity, let them know. Ask how you can help. Let them know you appreciate what they're doing, that you can't support patient safety without cyber safety. Thank you for watching. In this next video, we'll talk about how hackers are able to do what they do and how you can get in their way.

[00:06:46] See you next time.

Video Information

Disclosure Statement: Unless noted, all individuals in control of content reported no relevant financial relationships.

If applicable, all relevant financial relationships have been mitigated.

Participation Statement: Upon completion of this activity, learners will receive a Participation Certificate.


Name Your Search

Save Search

Lookup An Activity


My Saved Searches

You currently have no searches saved.


My Saved Courses

You currently have no courses saved.