‘Grey’s Anatomy’ Fact Check: What Really Happens When a Hospital Gets Hacked?

In the midseason finale, the doctors at Grey Sloan Memorial were left with a decision: Should they give in to ransomware hackers?

Grey's Anatomy Season 14
ABC/Richard Cartwright

The “Grey’s Anatomy” Season 14 midseason finale left us on quite the cliffhanger–after hackers attacked Grey Sloan Memorial with ransomware, Chief of Surgery Miranda Bailey (Chandra Wilson) decided to give in and pay the hackers a ton of money in Bitcoin.

Dr. Jackson Avery (Jesse Williams) offered up the funds to pay the hackers, but he’s in a helicopter accident with Dr. Maggie Pierce (Kelly McCreary) just when Bailey makes the call, leaving us to wonder: Will the doctors really give in to the hackers, despite the warnings of the FBI? And if they do, will they really get access back to their systems?

The stressful storyline got us wondering how this plays out in real life.

Hospitals are desirable targets for hackers for a couple reasons. First, the level of urgency is much higher when your dealing with human lives.

“If you have patients, you are going to panic way quicker than if you are selling sheet metal,” Stu Sjouwerman, CEO of the security firm KnowBe4 told Wired in 2016. Another reason, Sjouweman said, is because hospitals “have not trained their employees on security awareness … and hospitals don’t focus on cybersecurity in general.”

The risk, as pointed out in “Grey’s Anatomy,” is that you can’t know for sure that the hackers will give back your data after they get paid.

The problem was demonstrated in the real world just this week, when Hackcock Health hospital in Greenfield, Indiana paid about $50,000 to hackers who hijacked the hospital’s computers through an outside vendor. The hackers locked critical data, including patient medical records and company emails, and changed the names of more than a thousand files to “I’m Sorry.”

The decision to pay the hackers off wasn’t easy to make, but senior vice president and chief strategy officer Rob Matt told IndyStar on Wednesday that “the amount of the ransom was reasonable in respect to the cost of continuing down time and not being able to care for patients.” The hospital regained access to its data soon after making the payment.

That’s exactly why Bailey wants to cave on the show.

Cybersecurity Ventures predicts that ransomware attacks aimed at healthcare organizations will quadruple by 2020. Steve Morgan, founder and Editor-In-Chief of the cybersecurity research company, said hospitals are the number one target because of the reasons outlined above.

Yikes–we know the “Grey’s” writers room often draws from real life occurrences for story inspiration, and this one is particularly relevant.

Will Bailey and the rest of the surgeons outsmart the hackers in tonight’s midseason premiere? Watch “Grey’s Anatomy” tonight at 8 p.m. on ABC to find out what happens at Grey Sloan Memorial.