CHARLESTON, S.C. (WCSC) - A new kind of healthcare crisis is impacting hospitals across the nation, including the Medical University of South Carolina.
Steven Cardinal, the manager of security technology for MUSC said robocalls are a real and increasing threat.
“This is more than just an annoyance, this could actually be really bad,” Cardinal said.
While MUSC hasn’t suffered a large scale robocall attack, according to Cardinal, other hospitals in the United States have.
In April 2019, Dave Summitt, the chief information security officer for H. Lee Moffitt Cancer Center & Research Institute in Florida, testified before the US House Subcommittee on Communications and Technology of the Committee on Energy and Commerce.
“To amplify the extent of this problem, I am sharing data from our organizational phone system for the past ninety days.” Summitt said. “During this time period we received over 6,600 external calls identified as a Moffitt internal phone number consuming a total of 65 hours of response time.”
Cardinals concern is that, in the worst-case scenario, an overwhelming number of robocalls during a critical incident could be potentially dangerous and disrupt the life-saving mission of healthcare providers like MUSC.
“If we have a major health incident…we could be very hard pressed to take care of our patients the way we need to,” Cardinal said. “There’s not a lot you can do about it. You can try to reach out to the phone company and say we are getting attacked right now, but they don’t necessarily have the technology to be able to do anything and filter it. They could shut the entire phone system down, but that’s what the bad guys are doing already.”
Cardinal believes proactive measures need to be established to stop robocall attacks from happening, and he’s echoing a call to action from other healthcare providers worried about this threat.
“My ultimate goal for today’s testimony is to give a voice to the hundreds of organizations that are experiencing the impact of unsolicited, fraudulent, and malicious telephone calls. When received, these calls are disruptive and potentially dangerous. Moreover, parties initiating these calls are deceptively identifying our organizations as the source, which is damaging to our reputation and, more importantly, the welfare of our communities,” Summitt testified. “As this Committee considers new legislative and regulatory strategies to address these issues, I would ask that three things be considered: First, place provisions for accurate caller identification into your requirements; Second, place some of this burden and responsibility back onto the telecom carriers and third; provide requirements for telecoms to work with businesses in shutting down or investigating malicious activity, especially when it involves a critical infrastructure.”