The ransomware attack affecting 150 countries and crippling several health care systems has slowed, but not stopped.
If you're reading this newsletter, you're well aware of the ransomware attack, "WannaCry". The virus spread through phishing emails on vulnerable Windows machines, disrupting health care systems across England and Spain over the weekend. Here's three good technology perspectives to understand what's happening for healthcare:
Hospitals make for popular ransomware victims because they have an urgent need to restore service for their patients. They may therefore be more likely to pay criminals to reinstate systems. They also often make for relatively easy targets. “In healthcare and other sectors we tend to be very slow to address these vulnerabilities,” says Lee Kim, the director of privacy and security at the Healthcare Information and Management Systems Society.
The attacks took advantage of a vulnerability that was patched by Microsoft on March 13, 2017. Many organizations failed to install the update, even though the vulnerability was categorized as critical and an exploit for the vulnerability was released online last month.Unfortunately for many organizations, the NHS included, the patch could not be applied to unsupported Windows versions such as Windows XP. Many hospitals still have computers running on the outdated Windows version, even though Microsoft stopped issuing patches on April 8, 2014.
Ponemon Institute estimates data breaches cost the healthcare industry $6.2 billion last year. Last week is an example of how vulnerable some of our most important infrastructure is to attack. “This is an unfortunate example of the very real and potentially devastating effects cybercrime can have on society, " said Ebba Blitz, CEO of Alertsec. "Make sure all the software on your system is up to date. This includes the operating system, the browser and all of the plug-ins that you would normally find in a browser."
For those folks in healthcare looking for tactical tips on guarding against this or future vulnerabilities, this might be a good resource.
Patients receiving aggressive medical care at the end of life don’t seem to live any longer, and some work suggests a less aggressive approach buys more time.
The conversation continues from our round up of this Economist article two weeks ago, this week with more analysis from the Times Upshot column:
"Talking about death will never be easy, but it is increasingly necessary. As medical technology advances, there will be more and more we can do—but it’s not always clear there’s more we should do. Only through earlier, deeper conversations can we ensure that what we want is what we get. And only by acknowledging our gaps can we ensure everyone, everywhere gets it."
Many men diagnosed with prostate cancer can safely choose active surveillance—monitoring to make sure their cancer isn’t spreading—rather than treatment.
More accurate testing and analysis could save thousands of men from unnecessarily uncomfortable, costly, and potentially harmful treatment for prostate cancer. In a similar vein of the dangers of over-treating and over-testing, NPR reports on the backlash for mass screening of thyroid cancer:
"If you look early, you just find a whole new category of patients that has the disease but is never going to suffer from it at all," says Dr. H. Gilbert Welch at the Dartmouth Institute for Health Policy and Clinical Practice. "But they will suffer from the treatment."