The May 15th ransomware attack took down a fifth of UK healthcare infrastructure. Some place the blame on security professionals, and the tech industry in general. But there is plenty of blame to go around.
Microsoft refused to provide a security patch for their retired operating systems until after the attack had already done plenty of damage. This was the case despite the fact that much of the world’s computers still run on older, patched operating systems from Microsoft. We might reserve some blame for hardware manufacturers such as Dell, HP, and Lenovo too for selling these PCs with little to no hardened protection against attacks.
But healthcare providers must also bear some of the blame. At the end of the day, they are the ones with the healthcare records in hand. Budgetary concerns and corporate entropy are realities that all businesses in the modern era must overcome. And while hospitals have some of the most advanced technologies in the world, the IT infrastructure still lags behind.
The attack on one of our most valuable resources should give us all a moment of pause. This was not a one-time event; it will be tried again, and again after that. Here is why we all have to do a better job:
Healthcare Records Are Too Valuable
Some say healthcare records are 100 times more valuable than credit card data. The moment credit card data is reported stolen, those cards can be canceled, and no longer become a liability. Identity thieves can usually only use them once, if that much.
Healthcare records contain information that is not so easily or quickly changed. They include everything that can be known about a person from home address to social security number, and everything in-between. If there is an advanced directive on file, that opens the door to familial relationships as well.
Electronic health records provide a level of convenience and efficiency not dreamed of in the days of paper records. But it means nothing if healthcare providers don’t couple it with equally advanced security. These records are more valuable than gold, and should always be treated that way. If you need a resource to help evaluate EHR systems, there are some good ones online.
You Are Judged by Your Tech
It may not be fair to judge a book by its cover. But it’s increasingly common to judge a healthcare professional by their technology. If you walk into a doctor’s office and perched on the desk is a 15” CRT monitor, you might perceive a problem.
If you were to pace the office and notice that the computer is running Windows XP, or even Windows 7, you might be even more uncomfortable with the situation. The outdated technology signals to clients that the doctor doesn’t keep up with modern technology.
Clients will never believe it is because you don’t have the resources to upgrade. They might even walk away with the impression that you are out of date in other parts of your medical practice that are less visible. There are many ways old technology hurts your business.
It is all about signaling. In the same way a wrinkled suit signals a person who does not take his appearance seriously, grossly out of date technology may be signaling something to your patients that is untrue about you as a professional. It may not be fair. But it is the world we live in.
Support and Updates
Having an expert in 15-year-old technology service your computer is like having a horse and buggy salesman service your car. You are simply not going to get the best, most knowledgeable service. If you have a system that even the company you bought it from won’t service, it’s time for a new one.
A more modern system receives regular updates. It’s not just security updates, but functional updates as well. With newer versions of technology, fewer things go wrong. And when they do, there are better support resources available.
There is no excuse for the Wannacry ransomware to have ever worked. Newer tech would have eliminated the threat altogether. There are plenty of reasons to upgrade, including priceless data, client perception, and superior support for when things go wrong.