Security Fixes Kill Hospital Patients

2015 ‘security fixes’ on computers resulted in 34 to 45 more deaths per 1,000 heart attack patients

From another article in Dark Reading. The data is old (the most recent is from 2015), and updated data should be collected because we learn and change how we deal with security breaches. The underlying reason, however, seems very timely: clinicians trying to use hospital computer systems after a vulnerability is “fixed” face radical problems getting access to care for patients, and as a result more patients die because the security “fix” prevents timely care. In medical terms, we would say “The cure is worse than the disease.”

Healthcare IT systems may show that shock in slower and more disruptive change than those in other industries because they start from a relatively weakened position security-wise. “For the most part the healthcare industry, and especially the providers, has been a laggard for information security,” says Larry Ponemon, founder and chairman of the Ponemon Institute.

When hospitals respond to a breach, the response tends to have a major impact on their legitimate users. According to Choi’s research, “new access and authentication procedures, new protocols, new software after any breach incident is likely to disrupt clinicians.”

That disruption is where the patient is affected, through inaccurate or delayed information reaching the people caring for them. And how much, in blunt terms, can that effect be? The study says an additional 34 to 45 deaths per 1,000 heart attack discharges every year.

Read the article at https://www.darkreading.com/endpoint/privacy/fixing-hacks-has-deadly-impact-on-hospitals/d/d-id/1331386. I had a link to the study here also, but the link goes to a “registration” web site. You can follow that link in the Dark Reading article if you so desire.
