Hospitals Under Siege

Smart systems can make healthcare digital infrastructure vulnerable to cybercrime.


On February 5, 2017, Hollywood Presbyterian Medical Center, a 434-bed short-term acute care hospital in Los Angeles, became the victim of a cyber attack. Using malware, hackers seized control of the facility’s digital infrastructure, including the computer system, putting lives in danger and forcing the relocation of many high-risk patients.

To restore its system, the medical center paid the hacker a $17,000 ransom in bitcoin. But the penalty could have been far greater. And this scenario demonstrates just how vulnerable many of today’s smart healthcare buildings are to cybercrime.

“The malware locks systems by encrypting files and demanding ransom to obtain the decryption key,” said the medical center’s chief executive, Allen Stefanek. “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”

The Los Angeles Times reports that since 2010, at least 158 institutions, including medical providers, insurers, and hospitals, have reported being hacked or experiencing breaches in information technology that compromised patient records. In July of 2017, hackers gained access to as many as 4.5 million patient records in UCLA Health System’s computer network.

The disruption of medical services caused by cyberattacks has the potential to be devastating. Blocked access to patient records, laboratory results, and critical patient information could result in lost lives. And according to a report released by the US Department of Homeland Security, the healthcare field remains one of the richest targets for ransomware attacks because of its need for immediate access to patient records.

It seems that the more connected our buildings are, the more vulnerable they become. The interconnected technologies and medical imaging machines that streamline processes and facilitate treatment can also expose healthcare facilities to cyberattacks.  

According to security experts, addressing these issues at all levels of the planning, building, design, and deployment stages is more important than ever. In addition, many feel that establishing a digital infrastructure to provide secure platforms would help protect against unlawful system entry. Recently, industry groups such as the Internet of Things Security Foundation (IoTSF) have established working groups to develop standards and industry requirements such as an IoT cybersecurity framework for healthcare buildings and critical infrastructure.

Beyond digital infrastructure, what solutions do you feel would help enhance cybersecurity at healthcare facilities?


  • Yvonne Gilmore.

    What might help cyber security at health or any facility: ask the question: Why does the entire system have to be connected to the internet all the time? Separate patient records from a stand alone system connected to the net so that internal and essential records are never threatened by a cyber attack. We are prepared to have differing levels of service for banking, heating, travel – why not computers and internet accessibility?

  • Dave Sanford.

    In this rush to put everything on computer networks and the internet, we must ask the question: is this really going to improve the process, service, etc. over what it would have been on paper? The thing about paper that we mustn’t lose sight of is that paper doesn’t crash. And you can’t hack into paper records, unless you physically break into the file cabinet. Just something to think about. We need to be more judicious about what we put on computers and the net, asking ourselves if the benefit truly outweighs the risk, rather than just blindly rushing into the technology just because it is there. .


Leave a Reply

Enter Your Log In Credentials