Ashley Madison. Fiat Chrysler. Hospira.
It sounds like some really bad made-for-TV movie on the Syfy network, right? But alas, in our overconnected, overdigitized world, all of them share a common trait, and should serve as yet another wake-up call about cybersecurity.
By now, you’ve seen the gazillion reports about the breach of AshleyMadison.com, the scandalous website that let adulterers seek out, well, other adulterers.
More serious was Fiat Chrysler’s recall in late July of 1.4 million vehicles that the automaker said were vulnerable to hackers. The notice followed an exposé in Wired detailing how tech whizzes were able to hack into a car’s computer system and take over everything from the brakes to the windshield wipers. Numerous reports have followed on how almost all car manufacturers are now assessing similar weaknesses.
And in our field, the Department of Homeland Security and the Food and Drug Administration in July raised security concerns about Hospira’s Symbiq Infusion System. The system, an FDA press release warned, could be accessed remotely via the hospital’s network, allowing a hacker to control the device and change dosing levels.
On its website, Hospira noted that Symbiq largely has been pulled from the market as part of a broader device strategy. The company was working with the few sites that still use the system to deploy fixes.
While each of these scenarios has its own unique attributes, the common thread that binds them is the extreme vulnerability we face in nearly every aspect of our personal and professional lives. Once the stuff of Hollywood screenwriters, cybersecurity is very real, very serious and very scary.
Two-thirds of respondents to a HIMSS cybersecurity survey released in June acknowledged that their organizations had a security incident within the past year. While most of the problems could be traced to a “negligent insider,” 64 percent of respondents said they had been attacked by an outside entity.
That percentage surely will climb during the coming years. Nefarious actors lurk around every corner.
For the better part of two decades — following the release of "To Err is Human" — hospital leaders have focused their considerable attention on improving the quality and safety of patient care. Shouldn’t we mount a similar effort to secure the technology systems that touch every aspect of patient care?
Where do you start? Good question. The American Hospital Association has a host of resources available to hospital leaders, including guides specifically geared toward the C-suite and trustees. Visit www.aha.org/advocacy-issues/cybersecurity.shtml.
On a closing note, this is my last column for H&HN. I guess it is only fitting that it be about technology. By the time you read this, I will have left the magazine to become director of communications and public relations at the College of Healthcare Information Management Executives. It’s been a great run and I’ve thoroughly enjoyed getting to know many of you over these past 12 years. Thank you for your commitment and passion for improving patient care. Happily, I’ll continue to be in contact with many of you on the IT front and I’m proud to continue serving the field as you march toward the Triple Aim.