Ransomware has been the buzzword on everyone’s lips this month, as hackers attack computer systems around the world. Despite the potentially fatal consequences, healthcare sectors around the world have not been spared from these attacks.
Back in May, the UK suffered a serious disruption of its National Health Service (NHS) when malware known as “Wannacry” locked employees out of critical systems. Hospitals and healthcare professionals in England and Scotland across 16 separate trusts were impacted, as staff had to go back to pen and paper systems. Some also used their own mobile devices to coordinate with patients and track records, as others simply had to turn patients away due to their inability to access critical information.
While that attack failed to impact the American healthcare sector, this month’s ransomware concern – known as “Petya” – did reach the US pharmaceutical sector this week.
Ransomware Attacks Merck Pharmaceuticals
“We confirm our company’s computer network was compromised today as part of global hack,” the company confirmed on Tueday, via its Twitter account. Although no further details were provided, the potential danger of such an attack has been clearly signaled with the Wannacry incident.
Fears have been growing among US health professionals that a large-scale cyber attack could hit the healthcare sector. While American systems are typically more modern than the UK’s dated public system, some of are many years out of date, the risk still exists if important updates have not been downloaded.
Some of the risks of ransomware to the healthcare sector include:
- Restricted access to critical patient data like medical history and prescription information.
- Crucial software that keeps important equipment operational can stop running.
- Research is slowed or brought to a halt as access to outside data networks is denied.
- Indefinite denial of decryption, rendering encrypted files essentially lost to their owners.
While no patients have suffered yet as a result of this attack, dozens of other US businesses have been affected and its scope is immense. The fact that the same ransomware can bring global shipping giant Maersk to its knees shows the extent to which even relatively basic attacks can disrupt even sophisticated global organizations.
Merck is the first major American healthcare organization to be hit by such an attack, but it’s safe to say that it won’t be the last. Medical data is a high-value resource and provides a compelling target for would-be attackers. American companies also have deep pockets and need to avoid high-profile disruptions that could damage their stock price. This only exacerbates the risk and increases the chances that the healthcare sector will be attacked again.
The threat from ransomware to U.S. patients is real and growing. It falls to both individual organizations and government agencies to ensure that the healthcare sector is ready to handle these attacks and limit the damage should they hit critical facilities such as hospitals and medical systems.