The use of technology can reap major improvements in healthcare, but only if it’s done properly. If medical organizations fail to take care of their IT systems by doing necessary maintenance, their technology can work against them – especially if they’re using older software that requires frequent anti-virus upgrades to stay up-to-date.
Recently, a Lawrenceville, Georgia medical center’s internal IT network was so debilitated by malware that the hospital was forced to turn away patients. Was the hospital’s neglect of its legacy software system to blame?
“Total Diversion” Status
Employees of Gwinnett Medical Center noticed on a Wednesday afternoon that some type of “virus” had infected their system, but the IT team failed to immediately resolve the issue. Within 24 hours, the system had been so compromised that staff members had to cease working on the hospital’s computerized records system and revert to paper medical records.
The outbreak continued to get worse, and by Friday the hospital had declared “total diversion” status. Except for extreme emergency admissions, all incoming patient cases were diverted to other medical centers.
The virus disabled the interconnectivity of hospital computers, so the devices could not communicate internally and share information. That means this 448-bed facility, just 30 miles northeast of Atlanta, was forced to resort to a “runner system.” Employees shuttled files and documents from station to station within the building until normal operations resumed.
A Gwinnett Medical Center spokesperson said the malware attack did not affect “patient care in any way, shape or form” and that no data was compromised, but it was reported that patients experienced a delay in getting back their test results after the incident.
An Avoidable Outbreak?
Hospital employees may have been partially at fault for the attack if they delayed downloads of their system’s antivirus updates. That type of behavior caused a three-hospital shutdown in London in 2008, which, after being studied, was deemed “entirely avoidable.”
It’s scary that hitting “ignore” on system upgrades too many times could result in patients being denied care at a medical facility, but when a healthcare system relies on legacy server software, it’s a plausible possibility. Clunky upgrades slow down workflow, so they’re frequently delayed at medical establishments across the country.
No matter the cause of the outbreak, which remains undetermined, we at CareCloud can’t help but wonder if Gwinnett Medical Center would have been better protected from a malware attack if they’d been utilizing a cloud-based IT system.
It’s Better in the Cloud
When data is stored in the cloud, a third party vendor (like us) is constantly monitoring IT operations and assuring the connectivity and reliability of the system.
Additionally, malware has to penetrate a much stronger wall of defenses in the cloud, since there’s no physical server software on the premises to compromise.
And in the cloud, software upgrades don’t slow you down. CareCloud continually improves its platform, but executes updates seamlessly and automatically. Upgrades never stall our clients’ workflow, so there’s no need to hit “ignore.”
Gwinnett Medical Center fixed the bug and was back up and running by Friday night. Nonetheless, the malware infection never should have happened. Not only did the incident make the hospital look bad, it almost certainly could have been avoided had the IT staff taken more precautions with their software… or perhaps if they’d had a better system to begin with.
We at CareCloud think they should have been on the cloud. What do you think?
Do you know what you need when setting up a new medical practice?
