Although the number of cybersecurity incidents in the medical field is growing rapidly, many organizations still do not take serious measures to counter cyber criminals. This happens despite the fact that attackers are targeting not only financial assets but, far worse, human lives.
Let us look at the current state of security in medical institutions and at what lies ahead.
These days hackers are extremely interested in the healthcare industry. The pandemic has drawn so many scammers to this area that there is little doubt they already know everything about us.
Unfortunately, in some cases, there are serious casualties. Several months ago, a ransomware attack on a medical facility resulted in the death of a patient.
The actions of attackers cause huge financial damage to healthcare organizations. In 2016, Protenus estimated financial losses from information security breaches at US medical institutions at $6.2 billion. Cybersecurity Ventures predicted that the healthcare industry would collectively spend more than $65 billion on cybersecurity products and services between 2017 and 2021, and that in 2019 this sector would be hit by cyberattacks 2 to 3 times more often than other sectors. In recent years, the number of reported incidents in this segment has been growing exponentially.
According to the US Department of Health and Human Services, there were 510 medical data breaches in 2019, 196% more than in 2018. According to Kaspersky Lab, every fifth device in medical organizations around the world was attacked in 2019. Kaspersky predicts this figure will continue to grow, mainly due to ransomware infections.
Why do hackers attack hospitals?
What drives cybercriminals to the healthcare sector? First of all, attacks are easy to carry out. Medical institutions often run outdated IT systems and rarely update their software. As a result, these systems contain hundreds of dangerous vulnerabilities that give access even to hackers who are not highly qualified and were previously involved only in minor malware operations. The cost of mounting an attack is therefore extremely low, and combined with the presence of attractive patient data, this factor becomes decisive.
Besides, medical organizations often do not have experienced cybersecurity staff. Data breaches are often discovered when databases go on sale on the black market or are simply made public.
According to Black Book polls, in 2019 only 21% of hospitals reported having a dedicated security chief, and only 6% had a chief information security officer (CISO).
The lack of competent IT specialists leaves medical institutions unable to cope with a sudden crisis (for example, when ransomware encrypts all their data and the criminals demand a ransom to return it). In such situations, hospitals prefer to pay the attackers, restore access, and avoid publicity. They do not realize that doing so creates more motivation for attackers.
The value of medical data is also growing. According to a Kaspersky Lab study, medical information sells on the darknet for more than bank card data. Cybersecurity Ventures estimates that a stolen patient's medical record can cost up to $60 per record (10 to 20 times more than credit card information).
Possession of this private information helps cybercriminals to trick people and their relatives. In addition, hackers can alter medical records to make it difficult to diagnose a disease. They may also blackmail patients by threatening to disclose disease data.
In addition, cybercriminals are interested in information about treatment costs, which they can use for their own purposes, for example, to assess the funds available to clinic partners and clients.
What do hackers attack the most?
According to open-source data, most of the information security problems of medical organizations in 2019 were associated with email systems and phishing attacks.
In addition, experts noted a large number of brute-force attacks followed by access to medical institutions' services that are reachable from the outside. This attack vector targets RDP (Remote Desktop Protocol), the mechanism most often used for remote access and one that became especially important during the pandemic.
The essence of this method is that attackers look for weakly protected employee accounts, guess their passwords, use them to log into the organization's externally exposed services, and so penetrate the perimeter. As a result, they may not only steal data but also launch malicious programs.
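As an added illustration (not code from the original article), the following Python script shows one way a hospital's security team could spot the RDP brute-force pattern described above in Windows Security log events: a burst of failed RemoteInteractive logons from one source address, followed by a success. The log lines and their pipe-separated field format are constructed for the example, and the threshold and window are assumed values to tune per environment.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of Windows Security log events, simplified to the fields
# that matter for RDP brute-force detection (not logs from the article).
# Format: "<UTC timestamp>|<EventID>|<LogonType>|<TargetUser>|<SourceIP>"
# EventID 4625 = failed logon, 4624 = successful logon; LogonType 10 = RDP.
SAMPLE_LOG = """\
2020-11-03T08:00:01|4625|10|nurse.ivanova|203.0.113.45
2020-11-03T08:00:02|4625|10|admin|203.0.113.45
2020-11-03T08:00:03|4625|10|reception|203.0.113.45
2020-11-03T08:00:05|4625|10|dr.petrov|203.0.113.45
2020-11-03T08:00:06|4625|10|administrator|203.0.113.45
2020-11-03T08:00:09|4624|10|reception|203.0.113.45
2020-11-03T08:15:00|4625|10|dr.petrov|198.51.100.7
2020-11-03T09:30:00|4625|10|dr.petrov|198.51.100.7
2020-11-03T09:30:20|4624|10|dr.petrov|198.51.100.7
"""

THRESHOLD = 5                   # failed RDP logons from one source IP ...
WINDOW = timedelta(seconds=60)  # ... within this window raise an alert

def parse(line):
    ts, event_id, logon_type, user, src = line.split("|")
    return datetime.fromisoformat(ts), int(event_id), int(logon_type), user, src

def detect_rdp_bruteforce(log_text, threshold=THRESHOLD, window=WINDOW):
    """Return (source_ip, kind, detail) alerts: 'bruteforce' when >= threshold
    failed RDP logons arrive from one IP inside the window, and
    'success_after_bruteforce' when a later RDP logon from that IP succeeds."""
    recent = defaultdict(deque)  # src_ip -> timestamps of recent failures
    flagged = set()
    alerts = []
    for line in log_text.splitlines():
        ts, event_id, logon_type, user, src = parse(line)
        if logon_type != 10:
            continue  # only RemoteInteractive (RDP) logons are of interest
        if event_id == 4625:
            q = recent[src]
            q.append(ts)
            while ts - q[0] > window:  # drop failures that aged out of the window
                q.popleft()
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append((src, "bruteforce", f"{len(q)} failures in {window.seconds}s"))
        elif event_id == 4624 and src in flagged:
            alerts.append((src, "success_after_bruteforce", f"user {user} logged in"))
    return alerts
```

The two isolated failures from the second address, more than an hour apart, fall outside the window and produce no alert, which is the distinction between a user mistyping a password and a password-guessing run.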
Consequences of cyberattacks on medical systems
Attacks on the health sector have dire consequences. In particular, a study by British specialists found that a single attack by the WannaCry ransomware, which exploited vulnerabilities in the Windows operating system, cost UK hospitals almost £100 million and caused significant disruption to patient care, including the cancellation of almost 19 thousand appointments and planned surgeries across at least a third of the UK's National Health Service facilities and eight percent of general practitioners.
Black Book experts calculated that the estimated financial loss from data breaches at US hospitals in 2019 averaged $423 per record. The 58 marketing executives of large healthcare organizations they surveyed reported spending between 51 and 100 thousand dollars over the preceding 18 months to counter negative publicity caused by data leaks and information theft.
The worst incidents caused by hackers interfering with the work of medical facilities are associated with patient deaths. Researchers from Vanderbilt University took a list of health data breaches compiled by the Department of Health and Human Services (HHS) and used it to analyze patient mortality rates in more than 3,000 hospitals. They found that, following such incidents in hundreds of the surveyed hospitals each year, there were 36 additional deaths per 10 thousand heart attacks. In particular, in medical centers where such disruptions occurred, patients with suspected heart attacks took longer to receive an electrocardiogram.
Representatives of the university clinic in Dusseldorf, Germany, said that they could not treat a patient because the institution's computers were infected with ransomware. The woman died on the way to a hospital in another city.
Medical institutions need to understand that the number and complexity of cyberattacks will only grow. The longer they try to solve information security problems on their own, without making incidents public, the worse it will be.
Right now, attacks on medical facilities entail not only millions of financial losses but also human deaths. During the pandemic, the situation will only worsen.
In addition, experts are confident that in the near future the number of incidents involving Internet-connected medical devices inside hospitals and diagnostic centers will increase.
The digitalization of medical services is growing. More and more software and information systems are being used. The popularity of and demand for telemedicine services are also increasing. All these factors open up more opportunities for hackers, and they will certainly use them.
Security awareness will be a key factor for medical institutions over the next five years. Governments, large medical institutions, and small clinics need to unite efforts, attract qualified IT specialists, and start a dialogue to solve problems together.