ERcast: Clinical Perspectives Podcast Preview

Cybersecurity

Jordan Selzer, MD and Rob Orman, MD


The summary below is from an episode of ERcast: Clinical Perspectives

Cyberattacks in healthcare are operational disasters, not just IT problems. Ransomware can lock down the EMR, orders, and communications for 3 to 4 weeks, while distributed denial of service attacks can halt networked systems across the hospital and delay care.

Cyberattacks in Emergency Care

  • Hospital-wide attack surface: Anything connected to a network is vulnerable during a cyberattack, including the EMR, radiology, lab analyzers, elevators, and HVAC systems.
  • Ransomware clinical fallout: Ransomware is financially motivated and increasingly aggressive; once systems are encrypted, the average recovery time is 3 to 4 weeks, with immediate consequences for patient care.
  • DDoS disruption pattern: Distributed denial of service attacks are built for disruption, flooding systems with traffic from compromised machines until core hospital functions slow or stop.
  • Patient harm stakes: Cyberattacks in healthcare can cause delays to care and even patient deaths, and ransomware events may be less visible than expected because reporting requirements are limited.
  • Threat actor landscape: The major players range from nation-state groups and organized criminal networks to hacktivists and inexperienced script kiddies, each with different motives and risk patterns. The distinctions are worth hearing in the episode.

ED Preparedness and Prevention

  • Downtime as disaster drill: Treat scheduled downtime like a mass-casualty exercise: if the network fails, clinicians need a practiced plan for paper charting, orders, and communication.
  • Analog backup workflows: When the EMR and ordering systems go dark, departments need paper processes, offline phone numbers, call schedules, and runners to move orders and results.
  • Staffing after an attack: Post-attack care is slower and more labor-intensive, so surge staffing matters even after systems come back online, a practical point we get into in the chapter.
  • Password hygiene basics: Strong unique passwords matter more than any single style, whether built with a password manager or memorable long phrases; the key rule is never reuse them.
  • Phishing and identity protection: One person can open the door to an attack, so never send Social Security numbers or other sensitive personal data in unencrypted email, and avoid suspicious links or attachments.
  • Two-factor and local engagement: Two-factor authentication adds an important barrier, and frontline clinicians can reduce institutional risk by taking mandatory cybersecurity training seriously and joining prevention efforts.
