The internet is one of the greatest inventions of all time that has profoundly affected the way we live – both positively and negatively. On June 27th, 2017, the hospital’s system was hacked. Fortunately, since the hospital does not use electronic health records, patients’ health records were not affected. However, because of the virus, many were not able to receive the care they needed – patients that needed mammograms, biopsies, ultrasounds, etc. The ransomware attack that occurred at the hospital essentially encrypted the hospital’s digital files. Through this attack, the hackers made medical records inaccessible to the hospital staff until they received a certain amount of money; this is called a request-to-rescue screen – essentially, this means that an amount must be paid in order to rescue the files. The ransom was set at 300 bitcoins (equivalent to 756,231 USD), a type of virtual currency. Since most of the devices in the radiotherapy sector depend on the technology, many appointments were postponed until the system was fixed.
This type of invasion is random, so Hospital de Câncer de Barretos was not intentionally chosen by the hackers. Regardless, for years, hospitals have been easy targets for hackers. They believe hospitals will pay quickly in order to urgently treat patients in critical condition, as well as to prevent confidential data from leaking. Yet, one cannot help but think, “Do hackers consider the consequences of disturbing a hospital?” Their actions cause a large number of appointments to be delayed, prevent patients from receiving treatment, and lead to many lives lost if the sick are not treated in time – it all adds up. These individuals are not just hackers. They are cybercriminals that do not respect the value of life.
The WannaCry ransomware attack that occurred last month targeted the United Kingdom’s National Health Service. This attack also left many patients without care until the virus was fixed. When time-sensitive procedures – like surgeries to remove tumors – do not take place at the scheduled time, patients are at risk.
I wrote this post not because I wanted to tell everyone that the hospital’s system was hacked, but rather because this event put many patients at risk. Situations like this in the future can cost numerous lives. We all know that hacking and invading an institution’s privacy is not ethical, but when lives are on the line, where is the line between ethical and unethical hacking?