Nurses and Cyber Security: What You Need to Know

Laura A. Stokowski, RN, MS; Satish M. Mahajan, PhD, MStat, MEng, RN


June 16, 2016

Why Healthcare?

Medscape: Why do hackers target hospitals and nurses? Are hospitals and nurses too trusting, or are they just not tech savvy? Are there other factors that make healthcare a tempting target?

Dr Mahajan: It doesn't have anything to do with the staff who work in hospitals, per se. It has more to do with the motivation of the hackers. The main motivation for hacking a hospital or health system is for ransom and monetary benefit, and to a much lesser extent, for publicity or revenge.

Hospitals are primarily concerned with safety, security, and the protection of patients' health data. They tend to be prudent and cautious, but this can make them slow to respond and adapt to a rapidly changing situation. Some hospitals may also be using outdated technology, or have failed to fully update their systems because of the expense. Hackers know these things, and take advantage of them. From a hacker's perspective, when trying to find vulnerabilities to exploit for financial gain, why not choose a target that is inefficient or moves slowly?

Another factor in the rise in hospital attacks is the level of penetration in terms of information retrieval. Hackers can gain temporary financial advantage with credit card fraud, but stealing health records exposes a lot more information about people: Social Security numbers, addresses, telephone numbers, demographic details, personal health disabilities, insurance information, and more. This information is at the core of a person's identify, and hence we call it "medical identity theft." This situation provides a pipeline of financial incentives rather than a one-time small benefit for hackers.

Yet another factor is the nature of the services that hospitals offer—the primary goal of these services is to provide help related to health issues. Most services are characterized by openness, social interaction, urgency, and intensity. So the doors must be kept open, and staff must have access to patient records to prevent errors and delays in treatment.

Hospitals also rely on their reputations as being safe environments, and their mission of taking care of people when they are in vulnerable positions. They can't simply shut down and wait it out when a cyber attack occurs. For these reasons, hospitals are more likely to pay a ransom rather than risk delays that could compromise patient care and result in death and lawsuits.

Cyber Attacks

Medscape: What are the different types of cyber attacks on hospitals or health systems, and what do the perpetrators gain from successfully hacking such a network?

Dr Mahajan: Three concepts that people might hear about in news reports about hospital cyber attacks are "ransomware," "malware," and "Trojan attacks."

Ransomware is a software virus that infiltrates systems and demands that owners pay a ransom in some form, such as the online currency Bitcoin, before the hackers will restore the system's functionality and unlock access to its data. Earlier this year, the Washington, DC-based MedStar Health was victim to a ransomware attack, although they declined to pay the ransom and restored their computer systems themselves.[2]

Malware is software that tries to update some parts of the computer operating system or core applications and their settings. This could range from disabling the system completely or crippling it so that certain applications do not work as intended. The malware itself could advertise to fix your system at a price, or at least result in user annoyance and lost productivity.

A Trojan attack occurs when users try to download something benign and known to them—such as a newer version of their favorite browser—but fail to recognize that the download site is malicious and has malware included in the browser installer. When the users install the new version on their systems, the malware gets installed on their systems as well.

The recent alert issued by the US Computer Emergency Readiness Team[5] provided the following examples of the intimidating messages that might be seen by users during an attack:

  • "Your computer has been infected with a virus. Click here to resolve the issue."

  • "Your computer was used to visit websites with illegal content. To unlock your computer, you must pay a $100 fine."

  • "All files on your computer have been encrypted. You must pay this ransom within 72 hours to regain access to your data."


Comments on Medscape are moderated and should be professional in tone and on topic. You must declare any conflicts of interest related to your comments and responses. Please see our Commenting Guide for further information. We reserve the right to remove posts at our sole discretion.
Post as: