Portal de Periódicos da CAPES

Your Money or Your Patient's Life? Ransomware and Electronic Health Records

2017; American College of Physicians; Volume: 167; Issue: 8 Linguagem: Inglês

10.7326/m17-1312

1539-3704

I. Glenn Cohen, Sharona Hoffman, Eli Y. Adashi,

Sexuality, Behavior, and Technology

Ideas and Opinions17 October 2017Your Money or Your Patient's Life? Ransomware and Electronic Health RecordsI. Glenn Cohen, JD, Sharona Hoffman, JD, LLM, SJD, and Eli Y. Adashi, MD, MSI. Glenn Cohen, JDFrom Harvard Law School, Harvard University, Cambridge, Massachusetts; Case Western Reserve University School of Law, Cleveland, Ohio; and Warren Alpert Medical School, Brown University, Providence, Rhode Island., Sharona Hoffman, JD, LLM, SJDFrom Harvard Law School, Harvard University, Cambridge, Massachusetts; Case Western Reserve University School of Law, Cleveland, Ohio; and Warren Alpert Medical School, Brown University, Providence, Rhode Island., and Eli Y. Adashi, MD, MSFrom Harvard Law School, Harvard University, Cambridge, Massachusetts; Case Western Reserve University School of Law, Cleveland, Ohio; and Warren Alpert Medical School, Brown University, Providence, Rhode Island.Author, Article, and Disclosure Informationhttps://doi.org/10.7326/M17-1312 Annals Author Insight Video - Eli Y. Adashi, MD, MS In this video, Eli Y. Adashi, MD, MS, offers additional insight into the article, "Your Money or Your Patient's Life? Ransomware and Electronic Health Records." SectionsAboutFull TextPDF ToolsAdd to favoritesDownload CitationsTrack CitationsPermissions ShareFacebookTwitterLinkedInRedditEmail The mugger's demand "Your money or your life" is a familiar one. However, in an era of vast hospital computer networks and electronic health records, a novel risk to worry about is, "Your money or your patient's life." This threat, known as "ransomware," is an increasingly common experience for computer users around the world. The relevance of this hazard to health care became widely apparent on 12 May 2017 after a global attack effected by ransomware named WannaCry (1). Among those most severely affected were hospitals, pharmacies, and clinics of the British National Health Service (2). On these shores, President ...References1. Larson S. Massive cyberattack targeting 99 countries causes sweeping havoc. CNN tech. 13 May 2017. Accessed at http://money.cnn.com/2017/05/12/technology/ransomware-attack-nsa-microsoft/index.html on 26 May 2017. Google Scholar2. Chinthapalli K. The hackers holding hospitals to ransom. BMJ. 2017;357:j2214. [PMID: 28490432] doi:10.1136/bmj.j2214 CrossrefMedlineGoogle Scholar3. The White House; Office of the Press Secretary. Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. 11 May 2017. Accessed at www.whitehouse.gov/the-press-office/2017/05/11/presidential-executive-order-strengthening-cybersecurity-federal on 26 May 2017. Google Scholar4. Bai G, Jiang JX, Flasher R. Hospital risk of data breaches. JAMA Intern Med. 2017;177:878-80. [PMID: 28384777] doi:10.1001/jamainternmed.2017.0336 CrossrefMedlineGoogle Scholar5. Cox JW. MedStar Health turns away patients after likely ransomware cyberattack. The Washington Post. 29 March 2016. Accessed at www.washingtonpost.com/local/medstar-health-turns-away-patients-one-day-after-cyberattack-on-its-computers/2016/03/29/252626ae-f5bc-11e5-a3ce-f06b5ba21f33_story.html on 26 May 2017. Google Scholar6. Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104-91 (1996). Google Scholar7. 45 C.F.R. § 164.302-.318 (2016). Google Scholar8. Department of Health and Human Services. Fact Sheet: Ransomware and HIPAA. Accessed at www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf on 26 May 2017. Google Scholar Author, Article, and Disclosure InformationAffiliations: From Harvard Law School, Harvard University, Cambridge, Massachusetts; Case Western Reserve University School of Law, Cleveland, Ohio; and Warren Alpert Medical School, Brown University, Providence, Rhode Island.Disclosures: Authors have disclosed no conflicts of interest. Forms can be viewed at www.acponline.org/authors/icmje/ConflictOfInterestForms.do?msNum=M17-1312.Corresponding Author: I. Glenn Cohen, JD, Professor of Law, Harvard Law School, Director, Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics, Harvard University, 1525 Massachusetts Avenue, Griswold Hall 503, Cambridge, MA 02138.Current Author Addresses: Prof. Cohen: Professor of Law, Harvard Law School, Director, Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics, Harvard University, 1525 Massachusetts Avenue, Griswold Hall 503, Cambridge, MA 02138.Prof. Hoffman: Case Western Reserve University School of Law, 11075 East Boulevard, Cleveland, OH 44106.Dr. Adashi: The Warren Alpert Medical School, Brown University, 101 Dudley Street, Providence, RI 02905.Author Contributions: Conception and design: I.G. Cohen, S. Hoffman, E.Y. Adashi.Analysis and interpretation of the data: I.G. Cohen, S. Hoffman, E.Y. Adashi.Drafting of the article: I.G. Cohen, S. Hoffman, E.Y. Adashi.Critical revision of the article for important intellectual content: I.G. Cohen, S. Hoffman, E.Y. Adashi.Final approval of the article: I.G. Cohen, S. Hoffman, E.Y. Adashi.Provision of study materials or patients: E.Y. Adashi.Administrative, technical, or logistic support: I.G. Cohen, E.Y. Adashi.Collection and assembly of data: I.G. Cohen, S. Hoffman, E.Y. Adashi.This article was published at Annals.org on 19 September 2017. PreviousarticleNextarticle Advertisement Annals Author Insight Video - Eli Y. Adashi, MD, MS In this video, Eli Y. Adashi, MD, MS, offers additional insight into the article, "Your Money or Your Patient's Life? Ransomware and Electronic Health Records." FiguresReferencesRelatedDetails Metrics Cited byTrends in Ransomware Attacks on US Hospitals, Clinics, and Other Health Care Delivery Organizations, 2016-2021An investigation of the status and maturity of hospitals' health information governance in Victoria, AustraliaHow to Respond to a Ransomware Attack? One Radiation Oncology Department's Response to a Cyber-Attack on Their Record and Verify SystemCybersecurity in the Internet of Medical ThingsIntegrity verification and behavioral classification of a large dataset applications pertaining smart OS via blockchain and generative modelsRansomware and Academic International MedicineMedical Devices in Harm's Way: MedjackingThe state of research on cyberattacks against hospitals and available best practice recommendations: a scoping reviewHealth IT, hacking, and cybersecurity: national trends in data breaches of protected health information 17 October 2017Volume 167, Issue 8Page: 587-588KeywordsDisclosureElectronic medical recordsHealth Insurance Portability and Accountability ActHealth careHealth care providersHealth information technologyInformation technologyPatientsResearch designRisk management ePublished: 19 September 2017 Issue Published: 17 October 2017 Copyright & PermissionsCopyright © 2017 by American College of Physicians. All Rights Reserved.PDF downloadLoading ...