Technology is a wonderful thing, and it has helped many people improve their lives. However, as with all technology, it is a cautionary tale, since the tools that can free a man can also be used to enslave him. NBC News reports on this topic by way of a series of hack attacks that have hit major US hospitals, potentially putting the lives of countless sick people at risk.
A major hospital chain has been hit by what appears to be one of the largest medical cyberattacks in United States history.
Computer systems for Universal Health Services, which has more than 400 locations, primarily in the U.S., began to fail over the weekend, and some hospitals have had to resort to filing patient information with pen and paper, according to multiple people familiar with the situation.
Universal Health Services did not immediately respond to requests for comment, but posted a statement to its website that its company-wide network “is currently offline, due to an IT security issue. One person familiar with the company’s response efforts who was not authorized to speak to the press said that the attack “looks and smells like ransomware.”
Ransomware is a type of malicious software that spreads across computer networks, encrypting files and demanding payment for a key to decrypt them. It’s become a common tactic for hackers, though attacks of this scale against medical facilities aren’t common. A patient died after a ransomware attack against a German hospital in early September required her to be moved to a different hospital, leading to speculation that it may be the first known death from ransomware. (source)
There is a lot of talk about whether or not hospitals, like even police departments and fire departments, should be in the hands of ‘private businesses’. While not always bad in the case of hospitals, they often run on tight budgets, and corners are often cut because of financial concerns or for shareholder gain, while sacrificing patient safety. Public hospitals can do this, but because they are public entities, they have the unlimited funding of the government coffers, and so are less likely to do this and when done, less likely for the same reasons.
Taking hospitals hostage by the computer system today is no different than a group of people storming a hospital and holding the physical building, but the former is much ‘safter’ because it can kill a lot of people with no physical presence, only that of a computer. It is a more ideal tool for inflicting maximum damage with minimum effort.
As a trend, this is something that people should be on the lookout for, and expect to see more of this in the future. It may also bring about, even temporarily, an rise in the use of “paper” records again, since if one cannot access records by computer, there would need to be a physical backup or means to the same end as a safety measure.
Hackers seeking to deploy ransomware often wait until the weekend, when a company is likely to not have as many technical staff members present.
“Hackers” are not just teenagers in their bedrooms with soda, or strange people who wear black hoodies and sit hunched over at computers in dark places late at night looking for people to attack online. These are probably the least worrisome groups. The real hacker groups that are the most dangerous are those in the militaries and governments of the world, since they have unlimited resources, unlimited legal protections and anonymity from their governments, and they are being paid for what they do (as opposed to a ‘street hacker’ who does his craft to try and hopefully get paid by his actions). Likewise, with the rise of AI, a lot of the ‘hacking tools’ today are now being built by the ‘hackers’ and it is the AI that does the hacking, thus making the work more efficient and re-organizing the distribution of labor as a part of the pursuit.
Two Universal Health Services nurses, who requested to not be named because they weren’t authorized by the company to speak with the media, said that the attack began over the weekend and had left medical staff to work with pen and paper.
One of the nurses, who works in a facility in North Dakota, said that computers slowed and then eventually simply would not turn on in the early hours of Sunday morning. “As of this a.m., all the computers are down completely,” the nurse said.
Another registered nurse at a facility in Arizona who worked this weekend said “the computer just started shutting down on its own.”
“Our medication system is all online, so that’s been difficult,” the Arizona nurse said.
I and many others have warned for years that putting all systems online and making it so that they can only be accessed online no matter what the business does is a terrible idea because of incidents such as this. Life is not perfect, and as much as it can run very well most of the time, things happen, and when they do, the concentration of information into a single location puts the entire system at risk of destruction and with that, having real effects on real people.
The push for technology is good, but efficiency cannot come at the expense of safety. This is a common problem seen for decades, and even centuries in the ‘corporate world’, and continues to be so as the drive for greed is greater than the drive for care about the people working in the actual positions themselves.
While many patient charts at that facility are on paper, medication information is maintained online, though it’s backed up at the end of each day, the nurse said.
“We had those up to date as of the 26th,” the person said.
“Now we had to hand-label every medication,” the nurse said. “It’s all improv.”
“When nurses and physicians can’t access labs, radiology or cardiology reports, that can dramatically slow down treatment, and in extreme cases, force re-routing for critical care to other treatment centers,” he said. “When these systems go down, there is the very real possibility that people can die.”
One may see this in the future. Many countries will attack places such as hospitals or other areas because in a war, there really are no rules since it is often a pursuit of power with no care for any one, except the form has changed but not the essence.
With global conflict escalating and the systems of war and attack changing in tools but remaining in principle the exact same as in the past, we can see here, through a small example, a warning of what is to come, and that is that in a third global conflict, he who masters and dominates the computer will be most likely to have the most successful outcome.