Without any arguments it's just data. Is a lack of spending on key infrastructure, tied to poorer outcomes, something we can discuss?
I'm not sure this is the best article to discuss the causes/mitigations.

There was one interesting data point, but no source of cause listed.

>for care centers that experienced a breach, it took an additional 2.7 minutes for suspected heart attack patients to receive an electrocardiogram.

Is this while they were prevented from performing care? Thankfully PBS's article goes into more details.

https://www.pbs.org/newshour/science/ransomware-and-other-data-breaches-linked-to-uptick-in-fatal-heart-attacks

>hospitals that experienced a data breach, the death rate among heart attack patients increased in the months and years afterward. This increased mortality doesn’t appear to be due to the perpetrators themselves — the hackers are not controlling the allocation of medications or doctors. Rather the issue may lie with how health care systems adjust their cybersecurity after an attack

Which makes a much different argument: the hospital response to a cybersecurity incident increases mortality (thus: can we expect a similar uptick in negative outcomes amongst healthcare organizations who implement similar security policies?)

Research paper: https://onlinelibrary.wiley.com/doi/full/10.1111/1475-6773.13203

The PBS article points out that security practices applied to clinicians led to this problem.

Do we have evidence that the hacking took advantage of the EMR's security issues?

>Time from door to ECG significantly increased after a breach and the elevated time to ECG persisted at 4 years after the breach. Security typically adds inconvenience by design—making it more inconvenient for the adversary. For example, stricter authentication methods, such as passwords with two‐factor authentication, are additional steps that slow down workflow in exchange for added security. Lost passwords and account lockouts are nuisances that may disrupt workflow. The persistence in the longer time to ECG suggests a permanent increase in time requirement due to stronger security measures.

So what compromise is possible to ensure fast login? Can two-factor login be limited to new login devices? (Thus limiting impact to those working in new locations?)

Login devices which aren't recognized? (i.e., external servers)

Should EMR login be separated from local PC login within a hospital/emergency department? (Cold booting a PC and logging into Windows would be the slowest response time).

Can we tie logins to employee badges to skip all password entry? (Lost badges would thus warrant reporting loss.)