When our oldest son was born, it was a sign of the times in the medical field.
My wife's obstetrician told us something personal in advance.
"Your son will be the last child I help bring into the world. I'm done paying malpractice insurance. I said I would quit when my insurance premium hit $75,000 a year and I didn't. Now, it's headed up to $92,000 a year and that's just too much. I love what I do, but at some point it just doesn't make sense."
This was years ago, when an energetic and talented doctor quit because the cost of doing business was too high.
Now, it appears, there is another sign of the times in the healthcare field: ransomware attacks are driving doctors to quit—or retire early.
These ransomware attacks either scramble medical records or lock them up (encrypt) so that only a hacker with an electronic key can get to them.
This leaves medical practices and doctors with three unpleasant choices:
And sadly, some doctors are now choosing option three.
One example of doctors and clinics closing up shop after a cyberattack comes from Simi Valley, California, which is a suburb of Los Angeles.
Wood Ranch Medical posted this notice on its homepage: "Wood Ranch Medical Notifies Patients of Ransomware Attack"
This was more than some required notice of a cyber incident. It was also a goodbye:
"... we suffered a ransomware attack on Wood Ranch Medical's computer systems. Ransomware is a computer virus that encrypts our computer system until and unless we pay money (i.e., the ransom) demanded by the attackers. The attack encrypted our servers, containing your electronic health records as well as our backup hard drives.
Unfortunately, the damage to our computer system was such that we are unable to recover the data stored there and, with our backup system encrypted as well, we cannot rebuild our medical records. We will be closing our practice and ceasing operations on December 17, 2019... between now and December 17th, we will work with you as you seek another medical practitioner for you and your family's healthcare needs. "
And this California case is not the only one.
If you search for Michigan's Brookside ENT and Hearing Center on Google Maps, you'll get this message: "Permanently closed."
Health IT Security did a story that explains why doctors seemingly had no choice but to close up shop:
"The practice's computer system was completely encrypted, and hackers demanded $6,500 to decrypt the files. When the practice's owners and co-founders John Bizon, MD and William Scalf, MD refused the ransom demand, the cybercriminals wiped the entire system, including all patient records.
All appointment schedules, payment data, and patient information was erased... rather than rebuilding the practice, the owners made the decision to retire early."
The doctors quit and patients lost years, and in some cases decades, worth of medical history.
People are being forced out of their profession, and patients are left wondering about their medical histories.
Here's a newsflash for you: hackers don't care.
Instead, most appear to be motivated by making money, notoriety, or the ability to "stick it to the man." Or perhaps a combination of these things.
Check out this string of "Twitter threats" from infamous hacker thedarkoverlord. These threats were from last October:
Twitter has since suspended that account. But it reveals something, doesn't it, about the mindset of a notorious hacker?
As far as we know, no one has died as the result of a medical cyberattack.
Yet.
But if people do, will hackers be charged with murder, or perhaps manslaughter?
It's a valid question a coworker brought up recently, because we are getting closer to that point where cyberattacks could end lives.
Right now, a cybercriminal is typically charged with computer or network intrusion, a technical crime, if they get busted for a cyberattack. Or perhaps wire fraud is the charge if the attack involved moving significant amounts of money.
But the old days of acting like hacking is just an IT problem are gone.
Now, it's an everyone problem, which could impact your physical health and safety.
For example, earlier this fall, three hospitals in Alabama diverted patients to other hospitals for several days, following a ransomware attack.
The hospitals are back on track now, however, because they caved to hackers' demands.
I also think back to an interview I did with Jason Witty, who was in charge of securing U.S. Bank at the time I spoke with him, after his keynote at a SecureWorld conference. He outlined what we are up against.
"An explosively growing internet. Billion dollar funded adversaries successfully breaching thousands of companies per year. More 'things' on the internet than people, and now those 'things' are connected directly to the human body. What could go wrong?"
Something to ponder, as we realize these things are a sign of the times.