Trusted by over 1.2 Million Global Healthcare Seekers
Industry News

Ransomware: Should Medical Tourism Hospitals, Patients -- Beware?

Industry News

Surgery just got a little more complicated. Bloodless, hard to identify and difficult to trace, this latest risk has doctors and hospital administrators in emergency mode to keep the threat from escalating and compromising electronic medical records.

The digital high alert reached a peak earlier this month when ransomware prompted administrators at a southern California Hospital to release $17,000 in bitcoins in return for the decryption key that would enable them to regain access to their computer systems.

Until those demands were met and electronic operations were restored, communications at Hollywood Presbyterian Medical Center had been reduced to fax machines, phone calls and pencil and paper.

Patients reported long delays in receiving care some were directed an hour's drive away for lab tests — while doctors attempted to access digital medical records. Fortunately no one died, but the dangerous situation was further punctuated when reports surfaced in Germany, where digital extortionists had brought Lukas Hospital to its paperless knees after a malicious email attachment was apparently opened by a mistaken staffer.

Renée-Marie Stephano, President of the Medical Tourism Association, said ransomware should raise a red flag to the potential dangers of cyberattacks in the medical tourism community, which has warmly embraced information technology to gather and transfer valuable patient records from centralized data management platforms to diagnostic scans and discharge summaries.

We are entering a frightening realm of healthcare in which, perhaps, one click on an unknown link can wreak havoc on an entire medical community, she said. Healthcare providers, if they have not already done so, should be asking if they have invested enough to protect personnel and patients, medical devices and clinical information from hackers.

What forms of cyber and data security and recovery plans are in place and what training strategies are underway to raise awareness and educate about potential disruptions from phishing scams?

Stephano said information technology has helped to manage the complexity of healthcare, enabling providers to oversee patient care more efficiently and across multiple facilities, time, and conditions.

Phishing for Answers

To a smaller, yet more increasing degree, medical tourism is adapting electronic solutions to improve efficiency, influence consumer conversion-rates, and enhance overall patient experiences, said Anuja Agrawal, CEO of Health Flights Solutions, which provides compliant and secure patient management systems to medical tourism operatives.

If ransomware can attack a hospital, medical tourism can also be subject to similar threats in much the same way any industry is now at risk, she said. Hospitals, facilitators, governments and even self-insured employers want to be safe and confident that the data management technologies they have in place can continue to drive medical tourism opportunities without putting their human and capital resources at risk to unauthorized and malicious access.

Hollywood Presbyterian did not say exactly when administrators caved into the hackers, but damage had been reported to CT scans, lab work, and radiation and oncology protocols. Rather than pay the ransom, Lukas Hospital in Neuss, North Rhine-Westphalia shut down its system and began scrubbing for malware.

The hospital is up and running with the exception of a few email systems. German hospitals are subject to fines of up to 100,000 euros if they fail to meet minimum information security standards passed last year.

Despite these recent high-profile hacking events, Stephano said most hospital data breaches are the result or human error. However, she said citing a study of healthcare organizations — the frequency of cyberattacks had steadily risen by 125 percent in the last five years; the most common threats include spear phishing or fraudulent email schemes and malware attacks.

Learn about how you can become a Certified Medical Tourism Professional→
Disclaimer: The content provided in Medical Tourism Magazine ( is for informational purposes only and should not be considered as a substitute for professional medical advice, diagnosis, or treatment. Always seek the advice of your physician or other qualified health provider with any questions you may have regarding a medical condition. We do not endorse or recommend any specific healthcare providers, facilities, treatments, or procedures mentioned in our articles. The views and opinions expressed by authors, contributors, or advertisers within the magazine are their own and do not necessarily reflect the views of our company. While we strive to provide accurate and up-to-date information, We make no representations or warranties of any kind, express or implied, regarding the completeness, accuracy, reliability, suitability, or availability of the information contained in Medical Tourism Magazine ( or the linked websites. Any reliance you place on such information is strictly at your own risk. We strongly advise readers to conduct their own research and consult with healthcare professionals before making any decisions related to medical tourism, healthcare providers, or medical procedures.
Free Webinar: Building Trust, Driving Growth: A Success Story in Medical Travel Through Exceptional Patient Experiences