
Ransomware, Data Breaches at Hospitals Tied to Uptick in Fatal Heart Attacks - sandwall
https://krebsonsecurity.com/2019/11/study-ransomware-data-breaches-at-hospitals-tied-to-uptick-in-fatal-heart-attacks/
======
Scoundreller
This study may be biased toward smaller/rural/poorer locales.

In big-city Canada, patients with heart attack symptoms will usually have an
ECG done by paramedics before arriving.

In the US, this has quite survival advantage.

[https://heart.bmj.com/content/100/12/944](https://heart.bmj.com/content/100/12/944)

I don’t know if it’s standard practice to do another upon arrival, but it is
redundant and should probably take a back seat to activating other processes
that need to happen.

It also helps send them to the most appropriate facility.

~~~
analog31
So, don't ask me how I know this...

If you are having chest pain, call 911. If you mention "chest pain" to them,
you hear a beep in the background, and everything else is a machine.

In my locale, the paramedics carry a portable EKG. If they decide to take you
for a ride, they have an EKG machine in the ambulance that's networked to the
hospital, and a cardiologist is now on your team. When you arrive, you get
wheeled into a special room where an entire heart attack team is standing
there, waiting for you.

At that point they do another EKG, and as I understand it, their machine has a
larger number of electrodes, so they can get more detailed information from
it. The patient is never off an EKG at this point, and it's not a discrete
step, but is a continuous monitor.

A blood test will confirm the presence of an enzyme that's produced if the
heart muscle is stressed. This is a rapid test, the lab is ready and waiting
for the sample.

So, the second EKG isn't really consuming time, since other stuff is happening
concurrently, and they need the EKG running continuously to make minute by
minute decisions. Regardless of what happens, you're on the EKG until you go
home.

I don't know if rural or poorer locations have less sophisticated processes.

If you are having chest pain, call 911.

~~~
netfl0
Wow I had no idea they were linked in remotely. Thanks for sharing.

------
ghostpepper
Is it possible that increased security after breaches is actually what's
slowing down medical staff?

~~~
chapium
I doubt it. Desktop pc's in hospitals are usually just thin clients.
Ransomware targets the client pc and implementing security at this level is
not cumbersome.

~~~
itronitron
from the article...

 _“Breach remediation efforts were associated with deterioration in timeliness
of care and patient outcomes,” the authors found. “Remediation activity may
introduce changes that delay, complicate or disrupt health IT and patient care
processes.”_

------
Forge36
Without any arguments it's just data. Is a lack of spending on key
infrastructure, tied to poorer outcomes something we can discuss? I'm not sure
this is the best article to discuss the causes/mitigations.

There was one interesting data point, but no source of cause listed. >for care
centers that experienced a breach, it took an additional 2.7 minutes for
suspected heart attack patients to receive an electrocardiogram.

Is this while they were prevented from performing care? Thankfully PBS's
article goes into more details

[https://www.pbs.org/newshour/science/ransomware-and-other-
da...](https://www.pbs.org/newshour/science/ransomware-and-other-data-
breaches-linked-to-uptick-in-fatal-heart-attacks)

>hospitals that experienced a data breach, the death rate among heart attack
patients increased in the months and years afterward. This increased mortality
doesn’t appear to be due to the perpetrators themselves — the hackers are not
controlling the allocation of medications or doctors. Rather the issue may lie
with how health care systems adjust their cybersecurity after an attack

Which makes a much different argument: the hospital response to a
Cybersecurity incident increases mortality (thus: can we expect a similar
uptick in negative outcomes amongst healthcare organizations who implement
similar security polices?)

Research paper:
[https://onlinelibrary.wiley.com/doi/full/10.1111/1475-6773.1...](https://onlinelibrary.wiley.com/doi/full/10.1111/1475-6773.13203)

The PBS article points out that security practices applied to clinicians led
to this problem.

Do we have evidence that the hacking took advantage of the EMR's security
issues?

>Time from door to ECG significantly increased after a breach and the elevated
time to ECG persisted at 4 years after the breach. Security typically adds
inconvenience by design—making it more inconvenient for the adversary. For
example, stricter authentication methods, such as passwords with two‐factor
authentication, are additional steps that slow down workflow in exchange for
added security. Lost passwords and account lockouts are nuisances that may
disrupt workflow. The persistence in the longer time to ECG suggests a
permanent increase in time requirement due to stronger security measures.

So what compromise is possible to ensure fast login? Can two factor login be
limited to new login devices? (Thus limiting impact to those working in new
locations?)

Login devices which aren't recognized? (Ie: external servers)

Should EMR login be separated from local PC login within a hospital/emergency
department? (Cold booting a PC and logging into windows would be the slowest
response time).

Can we tie logins to employee badges to skip all password entry? (Lost badges
would thus warrant reporting loss.)

~~~
mjcl
> Can we tie logins to employee badges to skip all password entry? (Lost
> badges would thus warrant reporting loss.)

You can, but typically you'd use a badge with a PIN. If you use something like
this[1] with virtual desktops (VDI) that don't terminate your session when you
disconnect, you can get the "time to login" down to a few seconds, since it's
the same RDP session following the user around.

[1] [https://www.identityautomation.com/iam-
platform/healthcare-c...](https://www.identityautomation.com/iam-
platform/healthcare-clinical-workflow-solutions/qwickaccess/)

~~~
sandwall
Most hospital PC's allow this as an alternative, also thumbprints.

We use: [https://www.imprivata.com/](https://www.imprivata.com/)

------
arcticbull
Another win for cryptocurrency! Truly, it has changed the world. We couldn't
have this kind of progress without it.

~~~
an_ko
Why do you think this is the fault of cryptocurrency?

~~~
ceejayoz
Ransomware relies on there being safe ways to collect the ransom.

There were a few predecessors
([https://en.wikipedia.org/wiki/PGPCoder](https://en.wikipedia.org/wiki/PGPCoder))
using stuff like Liberty Reserve (long since shut down by the Feds), but
Bitcoin made it pretty easy.

One tried "mail money to a PO box" back in the 80s.
[https://en.wikipedia.org/wiki/AIDS_(Trojan_horse)](https://en.wikipedia.org/wiki/AIDS_\(Trojan_horse\))
The downsides of that approach for a criminal should be fairly obvious.

~~~
Scoundreller
Downside? Sounds like a great way to get anyone you want arrested by the FBI
without them knowing who made this all happen.

