The cyberattack on MedStar Health — one of the biggest health-care systems in the Washington region — is a foreboding sign that an industry racing to digitize patient records and services faces a new kind of security threat that it is ill-prepared to handle, security experts and hospital officials say.
For years, hospitals and the health care industry have been focused on keeping patient data from falling into the wrong hands. But the recent attacks at MedStar and other hospitals across the country highlight an even more frightening downside of security breaches: As hospitals have become dependent on electronic systems to coordinate care, communicate critical health data and avoid medication errors, patients’ well-being may also be at stake when hackers strike.
Hospitals are used to chasing the latest medical innovations, but they are rapidly learning that caring for sick people also means protecting their medical records and technology systems against hackers. An industry that has traditionally spent a small fraction of its budget on cyberdefense is finding it must also teach doctors and nurses not to click on suspicious links and shore up its technical systems against hackers armed with an ever-evolving set of tools.