In the Ransomware Trends 2021 put out by the Health Sector Cybersecurity Coordination Center (HHS Cybersecurity Program), it is reported that there were a total of 82 ransomware incidents impacting the healthcare sector worldwide so far this calendar year, as of May 25, 2021. 48 of these ransomware incidents (nearly 60%) impacted the US health sector. In 72% of the incidents, victim data was leaked. The average bill for rectifying a ransomware attack considering downtime, people’s time, device cost, network cost, lost opportunity, ransom paid, etc, was $1.27 million.
A large medical facility many of my family and friends are part of was attacked. The impact to the facility was huge as everything went off line. There are so many safety issues to consider, but one directly related to drug diversion prevention and monitoring is that there is basically no more prevention or monitoring! How do you know if controlled substances get from the pharmacy to the nursing station? How do you know if there is an active order for the med removed from the dispensing cabinet? How do you know if the medication reached the patient or if it was actually due. Old school, completely manual auditing is needed – flipping through charts for the most recent order. Reading paper MARs for administration charting then matching up med removal and waste amounts. Let’s be honest, it may be hard to devote the resources to those manual audits when everything else around you is requiring more resources to keep things running. It is easy to not view controlled substance monitoring as a priority when there are immediate patient safety issues at hand. Don’t let it go completely. Add a plan for this into your disaster recovery plan so you will know how to execute should it be needed.
It may be just a matter of time before your facility is hit. Be proactive. Find out where your vulnerabilities are. Facilities engage in mock surveys regularly so they are prepared. It seems it is time to add mock ransomware attacks to the preparations. Reach out to Rxpert Solutions and we can connect you with people who can assess your facility’s security and help in the event of an attack.