What’s the worst-case cybersecurity scenario for healthcare?

What’s the worst-case cybersecurity scenario for healthcare?

It’s never too far-fetched to think big when trying to envision what cyber-attackers could accomplish, says cybersecurity and counterterrorism expert Richard A. Clarke.

Clarke, who served on the National Security Council and advised three American presidents on cyberterrorism, believes the scariest “cyber nightmare” is a coordinated attack on the power grid that leads to prolonged regional blackouts: “If someone were to blow up a transformer and generator we’d be waiting for months – months – for the replacement,” he tells Healthcare IT News.

Healthcare has gotten an up-close look at the dangers of cyber-attacks, hacks and other data breaches in recent years. But as bad as massive HIPAA breaches are, a targeted attack on a health system’s power supply could be disastrous.

When Clarke points out the importance of hospitals knowing where they’ll access emergency fuel and ensuring medical devices are on an air-gapped network, he’s not being a doomsayer. He’s just being realistic about the chances, however small, that cyber-terrorists could wreak widespread and lasting damage to critical healthcare infrastructure.

“Likelihood is something I don’t think you should take into account when you do risk management,” he says. “The real way to think about risk management is to include in your calculus the outlier event.”

What is your healthcare organization doing to prepare for the worst?