French Health Minister Olivier Veran (R) speaks with medical staff during a visit of the Villefranche-sur-Saone’s Nord-Ouest hospital, a few days after it was targeted by cyberattacks, on February 22, 2021. (Photo by JEFF PACHOUD / AFP)
- Cybersecurity is a growing issue across all industries, with no signs of slowing down
- Two-thirds of health delivery organizations have been victims of ransomware attacks, while 33% have been hit twice or more
- Governments must enforce existing laws and norms of behavior to crack down on cybersecurity threat actors
Healthcare is one of the most critical industries when it comes to cybersecurity. With more money, data and patients’ health records at stake, this industry has a lot to lose. And while healthcare organizations have been working hard to shore up their security measures, they aren’t keeping pace with the rising number of cyberattacks.
There has been a 600% increase in ransomware attacks against care organizations in the past two years of pandemic-era healthcare.
Cybersecurity attacks increase mortality rates
According to a report by Ponemon, the attacks have also increased patient death rates, with a quarter of the survey participants reporting an increase in mortality rates. The report, sponsored by Censinet, also found that over two-thirds (67%) of health delivery organizations have been victims of ransomware attacks, while 33% have been hit twice or more.
In the wake of the WannaCry ransomware attack which took down the UK’s National Health Service in 2017, the latest IBM X-Force report finds that large-scale cyberattacks on healthcare systems doubled in 2020, with ransomware accounting for 28 % of all attacks. This number is rising, and if things don’t change soon, the medical industry will be in critical condition.
The Healthcare sector is not prepared for cybersecurity attacks
At a June Congressional meeting, frontline security leaders admitted the healthcare sector isn’t prepared to face these attacks’ current scope and sophistication. “I am here today to tell you that health care is not prepared to defend or respond to ransomware threats,” said physician Christian Dameff from the University of California San Diego.
“Health care needs the same technical controls as recommended by industry security leaders,” he added during a House Energy & Commerce hearing on the growing ransomware threat to critical infrastructure. The CyberPeace Institute analyzed over 235 cyberattacks data (excluding data breaches) against the healthcare sector across 33 countries and found that over 10 million records have been stolen.
The world’s first death linked to a cyberattack
A reported ransomware attack caused the death of a 78-year-old woman suffering from an aortic aneurysm in Düsseldorf, Germany. The hackers encrypted data and then demanded payment to unlock it, forcing the hospital to turn the ambulance away which delayed the patient’s treatment by an hour.
The attack also compromised the digital infrastructure that the hospital relied on for the coordination of beds, doctors, and treatment, thus forcing the cancellation of hundreds of operations and other procedures.
YOU MIGHT LIKE
How can AI derail the organization’s cybersecurity?
Cybersecurity securing the right to healthcare
With the rise of internet-connected devices, hacking has become a growing concern. Cybersecurity is a growing issue across all industries, with no signs of slowing down. To prepare for this new threat vector, healthcare providers must be proactive about protecting their patients’ data from cyberattacks.
As the healthcare industry becomes a larger target for cybercriminals, organizations must increase their investment in cybersecurity and patch vulnerabilities and update systems. This protects patient data and protects them against sophisticated hackers and phishing schemes.
In addition, there must be a level of cybersecurity awareness-raising and training for staff.
Governments must play their part to crack down on cybersecurity threat actors
Governments must also enforce existing laws and norms of behavior to crack down on cybersecurity threat actors. The rapid growth and sophistication of cybercrime in recent years has led to the emergence of a cybercriminal “ecosystem” that is complex, sophisticated, ever-evolving and increasingly borderless.
Successful prosecution efforts require a holistic approach involving many stakeholders, including law enforcement agencies and technical experts worldwide.
6 March 2024