Cybersecurity in Healthcare: Lessons from Captain James T. Kirk

“Shields up, red alert!” yells James Kirk, captain of the USS Enterprise. Whether you are a Trekkie or not, you have likely heard this call to immediate action before. It seems like this phrase is called out in almost every episode throughout the Star Trek series including the original series, Next Generation, and many others. If you had the time and interest, you could derive a total number of times the captain summons their crew, which might be astonishing. It would make you wonder why the ship did not always have shields up. There is even debate among fans on a stack exchange ranging from calculations on energy drain from the core to the Federation’s intergalactic policy. It is certainly a good question; in some ways, it relates to healthcare IT systems. Emergency physicians provide care to patients as part of a system to do good for the community. Yet we see ransomware attacks on IT systems and digital technologies critical to delivering care.

The healthcare sector has witnessed an alarming surge in cybersecurity threats targeting hospital systems in recent years. According to the Identity Theft Resource Center (ITRC), healthcare organizations were the most compromised by data breaches in 2022. The advancement and convergence of technology into health systems’ infrastructure has led to an increased reliance on digital solutions, making healthcare organizations susceptible to malicious cyber activities. These threats, ranging from ransomware attacks to data breaches, pose significant risks to patient data security and the seamless delivery of critical medical services. The shields are up, yet malevolent actors find their way into health IT systems, causing massive disruption leading to downtime. Cyber attacks are not limited to hospitals and can impact pre-hospital and ancillary services, which leads to the question - are you prepared?

Fear not. The ACEP Section for Emergency Medicine Informatics, Disaster Medicine Section, and the Tactical and Law Enforcement Medicine section have teamed up to conduct a cyber attack tabletop exercise. The cyber-attack event will be held during Scientific Assembly in Philadelphia on October 9, 2023, from 9:00 am to 11:00 am at the convention center in Terrace Ballroom 1.

The tabletop exercise will be scenario-based, with participants collaboratively responding to prompts through a simulated cyber incident that disrupts access to critical systems. These scenarios will challenge participants to strategize ways to maintain patient care while dealing with system downtime. Dr. Christian Dameff, ACEP member and leading expert in cybersecurity, will lead discussions that revolve around alternative communication methods, patient prioritization, and ensuring safe patient care during the crisis.

We encourage you to join us in the exercise to create awareness, learn, and develop new skills surrounding cybersecurity. Registration is open to all, and when you arrive, come prepared to hear, “shields up, red alert.”

If you are interested in participating, you can register by clicking here.

ACEP graciously acknowledges First Health Advisory for sponsoring the event.

References

Identity Theft Resource Center. (2022). 2022 Data breach report. https://www.idtheftcenter.org/wp-content/uploads/2023/01/ITRC_2022-Data-Breach-Report_Final-1.pdf

Sullivan, N., Tully, J., Dameff, C., Opara, C., Snead, M., & Selzer, J. (2023). A National survey of hospital cyber attack emergency operation preparedness. Disaster Medicine and Public Health Preparedness, 17, E363. doi:10.1017/dmp.2022.283