As practicing emergency physicians, we plan for the worst, knowing that modern health care, even with all of its fancy technology, is fragile. Our specialty prides itself on being the master of disaster medicine and can, with very few resources, provide world-class care during hurricanes, tornadoes, infectious disease outbreaks, and multiple casualty tragedies. With recent global cyber attacks, namely WannaCry and Petya, spreading to infect hospitals across the globe and rendering them paralyzed, it is clear emergency medicine is facing a powerful new threat. [1,2] This article is a firsthand account of such a cyber attack and offers some guidance on developing your own low-tech cyber-disaster plan so you can be prepared when hackers come for your hospital.
On April 9, 2017, Erie County Medical Center (ECMC), the only regional Level 1 trauma hospital in western New York, was attacked by hackers. [3] The hackers didn’t gain access to the system through malicious emails or a compromised flash drive. Instead, they used an automatic program known as SamSam to try millions of password combinations for the hospital’s web server. Once they had the administrator password, they encrypted vast amounts of hospital data, rendering it unreadable.
The overnight information technology staff quickly recognized the attack and made the decision to shut down the entire computer network to stem the spread of infection. By 5:30 a.m., all computer screens went dark in the emergency department and the entire hospital. It was quickly clear that this unscheduled complete system downtime could have disastrous effects on patient care.