VA Hospital
When considering the VA, many do not think about the technology behind the institution. By some it is considered run down and dreary, too behind the times to have the technology necessary to draw hackers out of their lairs. By others it is considered a medical stronghold for America’s soldiers. By those who work at the Veteran’s administration, they are aware that since 2009, 181 pieces of electronic medical equipment were infected with Malware, leaving them vulnerable to cyber attackers and hackers.
One may ask why a cyber attacker would target the Veteran’s administration, or what the issue would be if they did. Much like any other medical facility, the electronic equipment if full of sensitive information about patients, including their medical histories, and their medication dosages. If a hacker wanted to, they could change a patient’s dosage, causing an overdose. Sensitive and legally private medical information is also open to exposure because these pieces of equipment are the last to receive necessary patches and updates. Therefore, it is not only a patient’s privacy that is potentially at steak, but also potentially their life.
Presently, Malware and hacker threats found in the VA’s system have all been relatively innocent, as well as contained and prevented from launching larger cyber-attacks. The VA has seen the threat, however, and is taking necessary steps to manage the risk in what is now known as Medical Device Isolation Architecture. The isolation model allows medical devices to remain isolated from the VA’s primary network which, in turn, allows patient’s sensitive information to also remain isolated. As such, information that would be pertinent to a malicious cyber attacker, and the network in which individual who desired to plant Malware would both be unavailable. The VA also ensures these devices will no longer be the last to receive patches and updates as a part of their new security standards.
I learned a lot from the article, though primarily I was surprised to find that anybody was targeting the medical network at the Veteran’s administration. Moreover, I was also surprised to learn medical equipment is often the last to receive necessary patches, updates, and security management when released from technological giants like Microsoft. Hackers and cyber attackers look for vulnerabilities not just in the internet, but in the population. Attacking the poor health of the people seems like a weak spot, which is only further weakened by the fact that these important safeguards are the last to receive important updates. Disallowing crucial protection against hackers sounds like a disservice, especially when considering a skilled hacker could easily change a patient’s dosage and effectively kill them.
It was, however, reassuring to learn the Veteran’s administration had been keeping a watchful eye on their network and they are now taking steps to isolate critical pieces of equipment in order to neutralize the threat. Moreover, putting safeguards in between files and the internet, as well as ensuring the medical network receives updates in a timely manner was also reassuring. I am not so naïve as to think if a hacker wants to break into a secure vault of files badly enough they will not continue to try, but there should also be the necessary precautions taken to make it less manageable on behalf of cyber attackers.
The role of government in healthcare is evident only in a small way in the article. The issue has been known since 2009, and has been monitored since this time. It has been known that hackers and cyber attackers could get into the network at any time, tampering with files, dosages, and even locating private patient information, but it is only now that the Veteran’s administration is initiating real safeguards that will allow them to protect patients of the VA. Cyber hacking is a real issue today and it was a real issue in 2009 but the reality of it is that in 2009 there was likely little money in the budget to fund such a crusade.
It is already well known the Veteran’s association is wildly underfunded. While the government bleats that it attempts to fund all aspects of healthcare, this is too often a dark and undocumented corner of healthcare that goes unnoticed. Despite the threat of hacking, theft of personal information, and risk of an entire medical network being compromised, it is simply another example of how the people will not take notice until the issue is big enough, so to speak. The threat of each aforementioned issue was always very serious, but it was not until there was a serious enough threat, or there was seemingly nothing better to do that this particular form of healthcare was prioritized.
In sum, the Veteran’s association is doing all it can to ward off cyber attackers and protect its patients. It has been monitoring any potential cyber threats for several years and doing what it can with the equipment it has. It is unfortunate that it took eight years and 181 infected machines for healthcare policies to change and cash to flow in the right direction. However, now the VA is able to change its network and its policies in order to create a more secure environment that is safer for its patients and stronger concerning hackers.
Works Cited
"VA Implements New Measures to Improve Medical Device Cybersecurity." 21 June 2016. HIPAA Journal. Electronic. 6 July 2016.