Monitors are beeping. IV pumps are humming. You can feel the IV in your arm. It is giving you the medicine, they say your body desperately needs, to keep you alive. The nurses’ carts in the hallway make a squeaking noise, one of the wheels needs some oil. There’s an older woman down the hall that you can hear, she’s been moaning and saying “please let me go home” over and over for the last hour. And you agree with her, you want to go home too.
For any of you that have had to spend some time in the hospital, this all feels like a familiar experience. But then, something happens you don’t expect. A monitor has been wheeled into the room; a large camera attached to the top of it. You don’t know what this does, so you ignore it at first. But then you hear an audible “DING.”
Introducing AI “Angela”
The monitor in your room turns on. The camera swings so that it is facing your direction and then a woman’s face comes onto the screen. She introduces herself as Angela. She says she is a nurse who is helping for the night and wants to ask you some questions. You want to be a good patient. No one wants to be that patient the nurses complain about in the hallways. So, you say, yes of course. The questions seem easy enough. She asks for your date of birth, your medical history, and your list of medications you take. She also asks you to confirm your Social Security Number and health insurance for billing purposes. At the end of this interaction, she says thank you for your cooperation. It all felt very iRobot coming to life in front of your very eyes.
This may not have been an experience you have had at the hospital recently, but I have. You see, due to a chronic disease, in the past 3 months I have spent over 34 days in the hospital (and counting). When you spend a lot of time in one location, you start to meet the people who work there, and you start to realize how things work. But when you work for a company like Social-Engineer, LLC and then these weird systems creep up in your life, you start to ask questions and do your research. Here’s what I found so far.
We’re Feeling the Effects of the Nursing Shortage
Nurses are burned out. They’re stressed, exhausted, and struggling to find adequate mental health support. While the 2020 pandemic drastically increased these conditions, that is not the only issue to blame. Largely due to working conditions and job stress, nurses are quitting, and hospitals are struggling to replace them. Experts say that over 1 million RNs will likely retire by 2030. This will only add to the heaviness of the nursing shortage.
In my hospital, the nurses have told me that often one nurse oversees an entire wing on the floor. During my daily walks I counted those rooms. Each wing has 27 patients. Let that sink in. The ratio is 1 to 27. All of this puts a significant strain on the healthcare industry. If something isn’t done to stabilize these numbers, then patients will be the ones to pay. So, what is the solution? Here are some things that I have seen instituted.
Mobile Staffing Apps
Through data-learning, mobile staffing apps can analyze a nurse’s behavior and send them notifications to let them know things like shifts that are available, patient volume, etc. This allows nurses to be engaged with their facilities all from their personal mobile devices.
Nurses already have too much on their plates. So, the first viable option to begin to think of is how we can remove parts of their to-do lists. Artificial Intelligence (AI) is the most obvious way to do this. It can automatically document health records, complete surgical procedures, fill out patient registrations (like Angela) and even help monitor patients.
Especially in senior care facilities, it is often crucial that nurses sit and monitor patients when they are at an at-risk potential. However, since the current ratio is far from 1-to-1 of healthcare professionals to patients, this has become an impossibility. As a result, many facilities are now using Telesitting technologies. These systems are made up of cameras that are linked to monitors that watch the patient’s heart rate, blood pressure, and even neurological responses. Using advanced video and audio capabilities, these systems can detect when a patient is in danger. The system can alert doctors and nurses who can respond to help the patient.
This sounds great, right? We take the pressure off nurses and don’t even need to hire new staff. Which in turn cuts down costs and lowers the pressures of burn out. But what are the risks? Let’s discuss a few.
Healthcare – the Third-Most Attacked Industry
According to the HIPAA Journal, global healthcare cyberattacks increased by 74% in 2022. This makes healthcare the third most attacked global industry, leading with over 1,400 attacks per week. In the United States alone, healthcare ranks second in weekly attacks. And with the use of AI-driven technology, researchers and other security professionals worry hackers may use phishing emails or vishing phone calls to launch sophisticated cyberattacks. How would this work?
Vishing for Angela
Let’s paint a scenario using Angela, the automated system. The human side of the hospital system as we have already noted is burnt out. Nurses are working 12–14-hour shifts at a time, taking care of patients, paperwork, answering the phones.
Let’s say one night, near the end of her shift, the phone rings again for the 50th time that hour. The nurse answers it, with a sigh saying, “how can I help you?” On the other end is a frantic, frustrated IT employee, “Hey, we’re having trouble with Angela and hoping one of you could help us. Can you please do us a favor and answer some of these questions about the system?”
The nurse, with her tired feet, drags herself over to the machine and answers the questions, one by one on the phone. At the end of the call the relieved IT employee says “thank you so much, you’ve really helped me tonight. I’ll be sure to bring this up to your supervisor and mention how helpful you are!” Feeling like she’s done some good for the night, our nurse is left feeling better for having met that IT person.
The Risk Exposed
However, what if that IT employee was not an employee? What if it’s a criminal in search of the correct login information for that system? Armed with the answers, he can now log into that system. He can control the questions being asked, review the PII being given, and access the camera facing the patient. Do you have chills yet? I certainly did, hence why I asked for the system to be removed from my room.
When I made that request the nurse reluctantly asked, “Umm ok….?” My answer to her was “I work in cybersecurity, and frankly that thing creeps me out.” Her reply? “Me too.”
The Best Way to Predict the Future is to Invent It
Let’s face facts, AI is not going anywhere anytime soon. In fact, in ways, these AI systems are beneficial and if used correctly and securely, they could in fact help corporations, including the healthcare system. But these benefits need to outweigh the risks, and right now the risks are high. In one of the latest attacks on an Ontario hospital, a cyberattack took out their utilities, including their critical IT systems, putting patients at risk of death.
Security awareness has been proven to be an effective way to train employees how to recognize and thwart attacks. But the security awareness needs to be EFFECTIVE. Only you can determine what is effective for your company. If you are in the healthcare industry and wondering how you can possibly figure all of this out, our social engineering professionals are here to discuss what you need and how we can help you. Contact us today.
Written by: Amanda Marchuck
At Social-Engineer LLC, our purpose is to bring education and awareness to all users of technology. For a detailed list of our services and how we can help you achieve your information/cybersecurity goals please visit: