Ransomware has been perhaps the defining cybersecurity story of the last six to eight months. So it's no surprise that it's starting to get the Hollywood treatment.
This week, the main storyline of The Good Doctor, a medical show on ABC, was devoted to a ransomware attack. After an automated dispensing system in the operating room wouldn't open, it was revealed that the entire network was down.
The issues compounded from there. Chemotherapy appointments had to be rejiggered. Non-essential surgeries were postponed. It's up to one of the main characters, who is also the IT director, to find a solution in 24 hours or the hospital will be forced to pay $2 million.
It's no surprise that this ransomware attack was set in a hospital, because they have been one of the hardest hit sectors over the last year. In 2020, 560 healthcare facilities were hit with ransomware. That accounts for nearly 25% of all reported ransomware attacks in the US.
Ransomware attacks have multiple impacts. In 2018, a ransomware attack at an Ohio hospital forced emergency room patients to be diverted elsewhere. In general, 36 percent of facilities attacked were unable to provide care for at least five hours. Even more alarmingly, one study found that breaches not only reduce the quality of care, but actually increase the 30-day mortality rate for up to two years.
In the episode, it's never revealed how the hackers infiltrated the network. We do know that they were there for months, encrypting active, on-site and cloud-based servers. The actual solution—one server had been put aside after an employee spilled coffee on it, but it was salvageable enough to restore and thus reboot the network from backup, avoiding the ransom altogether—does seem too good to be true.
However, this is illustrative of the potentially catastrophic effects that ransomware can have on healthcare facilities.
Guarding against ransomware attacks can be challenging. With proper protections, though, avoiding an incident like the one in The Good Doctor is possible.
Download our whitepaper about the phishing pandemic in healthcare to learn more about the scope of the problem and how to best prevent it.