Southern Ohio Medical Center Faces Cyberattack

Brodey Entler, Staff Reporter

On Nov. 11, Southern Ohio Medical Center (SOMC) unveiled on social media that “an authorized third-party” gained access to its servers. This caused the hospital to have to send emergency patients via ambulance to surrounding hospitals but continued caring for those previously admitted.

The following Thursday, the hospital was still dealing with the aftermath, while now accepting patients, it was still canceling and rescheduling many care services, including “sleep lab appointments, pulmonary function tests and outpatient rehab, as it continued to remedy its widespread outage, including email.”

“We are working around the clock to get full functionality,” a SOMC spokesman told Information Security Media Group. Another spokesperson for SOMC added that “Our investigation into this incident is ongoing. We are currently working around the clock with subject matter specialists to investigate the incident and restore our systems to full functionality.”

So, what risks our we facing when hackers get into a system such as a hospital?

Pacemakers, insulin pumps and more are potential prey for malicious hacking. So, here is what leaders are doing in order to protect these medical devices:

In an article by Peter Jaret, a special to Association of American Medical Colleges (AAMC) news, states: “’But that’s no reason for complacency,’ says Jeff Tully, MD, an anesthesiology resident at the University of California (UC), Davis, Medical Center and part-time hacker who has led efforts to alert the medical community to the risks inherent in network-connected medical devices.

“Implantable devices live in an ecosystem of devices that are all connected,” Tully explains. “Any part of the network that is vulnerable to attack makes the network vulnerable.”

Indeed, implantable devices that are connected to the growing “internet of things” pose a particular risk, says Stephen Lopez, PhD, AAMC senior director of information security. “Implantable devices are often connected remotely, via Wi-Fi or radio frequency identification, in order to feed data back to a central information hub,” he explains. “If a patient’s home Wi-Fi is not secure, hackers could potentially get access to the central network through a wearable device.”