Hospital pays hackers ransom of 40 bitcoins to release medical records

By Kim Smiley

In February 2016, Hollywood Presbyterian Medical Center’s computer network was hit with a cyberattack.  The hackers took over the computer system, blocking access to medical records and email, and demanded ransom in return for restoring the system.  After days without access to their computer system, the hospital paid the hackers 40 bitcoins, worth about $17,000, in ransom and regained control of the network.

A Cause Map, an intuitive visual format for performing a root cause analysis, can be built to analyze this incident. Not all of the information from the investigation has been released to the public, but an initial Cause Map can be created to capture what is now known. As more information becomes available, the Cause Map can easily be expanded to incorporate it.

The first step in the Cause Mapping process is to fill in an Outline with the basic background information. The bottom portion of the Outline has a place to list the impacts to the goals. In this incident, as with most, more than one goal was impacted. The patient safety goal was impacted because the hospital was unable to access medical records, which potentially disrupted patient care. The economic goal was also impacted because the hospital paid about $17,000 to the hackers. The fact that the hackers got away with the crime could be considered an impact to the compliance goal. To view a filled-in Outline as well as a high-level Cause Map, click on “Download PDF” above.

Once the Outline is completed, defining the problem, the next step is to build the Cause Map to analyze the issue. The Cause Map is built by asking “why” questions and laying out the answers to show all the cause-and-effect relationships that contributed to an issue. In this example, the hospital paid ransom to hackers because it was unable to access its medical records. This occurred because the hospital used electronic medical records, hackers blocked access to them, and there was no back-up of the information. (When more than one cause contributed to an effect, the causes are listed vertically on the Cause Map and separated with an “and”.)

How the hackers were able to gain access to the network hasn’t been released, but generally these types of ransomware attacks start with the hacker sending what seems to be a routine email with an attached file such as a Word document. If somebody enables content on the attachment, the virus can access the system. Once the system is infected, the data on it is encrypted and the user is told that they need to pay the hackers to obtain the encryption key that will unlock the system. Once the system has been locked up by ransomware, it can be very difficult to regain access to the data unless the ransom is paid. Unless a system is designed with robust back-ups, the only choices are likely to be to pay the ransom or lose the data.

The best way to deal with these types of attacks is to prevent them. Do not click on unknown links or attachments. Good firewalls and anti-virus software may help if a person does click on something suspicious, but they can’t always prevent infection. Many experts are concerned about the precedent set by businesses choosing to pay the ransom and fear these attacks may become increasingly common as they prove effective.

Medical Device Vulnerable to Hacking

By Kim Smiley

The Food and Drug Administration (FDA) made headlines when it issued a warning that a computerized pump used for infusion therapy, the Hospira Symbiq Infusion System, has cybersecurity vulnerabilities. Hacking is scary enough when talking about a laptop, but the stakes are much higher if someone has the ability to alter the dosage of critical medication.

A Cause Map, a visual format for performing root cause analysis, can be used to analyze this issue. The first step in the Cause Mapping process is to fill in an Outline with the basic background information, including how the issue impacts the overall goals. Defining the impacts to the goals helps define the scope of an issue. Once the Outline is completed, one of the impacted goals is used as the starting point for building the Cause Map itself. For example, the potential risk of serious injury or death is an impact to the patient safety goal and would be the first cause box on the Cause Map. The rest of the Cause Map is built by asking “why” questions and documenting the answers in cause boxes to intuitively lay out the cause-and-effect relationships.

So why is there potential for injury or death with the use of the Hospira Symbiq Infusion System?  It is possible for a patient to receive the incorrect dosage of medication because the system could be accessed remotely by an unauthorized user who could theoretically change the settings.  There have been no reported cases where this infusion pump system has been hacked, but both Hospira and an independent researcher have confirmed that it is possible.

This system is vulnerable to hacking because it is designed to communicate with hospital networks and the design has a software bug that could allow it to be accessed remotely via a hospital’s network.  The infusion system was designed to interface with hospital networks to help reduce medication dosage errors because the dosage information wouldn’t need to be entered multiple times.

The final step in the Cause Mapping process is to develop solutions to help reduce the risk of similar errors in the future. In this specific example, the FDA has strongly encouraged healthcare facilities to transition to alternative infusion systems as soon as possible. Hospira discontinued this specific design of infusion system in 2013, reportedly due to unrelated issues, but it is still available for sale by third-party companies and used by many healthcare facilities. There will not be a software patch provided or any other means to make the Hospira Symbiq Infusion System less vulnerable to hacking, so the only option going forward will be to switch to a different infusion system. During the time required to transition to new equipment, the FDA has provided specific steps that can be taken to reduce the risk of unauthorized system access.