It is worth noting that healthcare systems across the world have turned to digital solutions so as to bolster cost efficiency as well as clinical quality. The fast adoption when it comes to tech such as electronic health records- EHRs, Internet of Things- IoT, telemedicine devices has gone on to make the process seamless, but at the same time, it has also broadened the attack surface for cybercriminals.
The fact is that with patient information that’s highly sensitive at stake, and inadequate security measures, healthcare infrastructure has gone on to become quite a prime target when it comes to cyber threats.
The healthcare sector went on to face one of its most drastic attacks in May 2021 when the Irish Health Service Executive- HSE was breached by the Conti Ransomware Gang. The breach occurred when an unsuspecting user went ahead and opened a phishing email and downloaded malware which provided access to the network. Once it was activated, the Conti ransomware went on to have a profound countrywide impact.
Almost 80% of the data in the system was encrypted, thereby resulting in the national diagnostic imaging platform becoming inaccessible as well as the suspension of five major centers offering radiotherapy services.
The loss in terms of access to patient appointments, details, as well as medical records went on to force more than 50% of the acute hospitals to defer outpatient appointments as well as interventions. Due to this, there were many organizations that had to resort to paper-based processes so as to maintain the necessary clinical services.
According to Richard Hummel, the Senior Threat Intelligence Manager at Netscout, healthcare tends to get targeted more regularly since it happens to be a very critical piece of infrastructure. The disruptions can also have some life-threatening implications, and the threat actors happen to depend on this urgency, knowing that healthcare administrators are most likely to go ahead and pay the ransom so as to restore their critical services as compared to other sectors.
It was in June 2023 that St. Margaret’s Hospital in Illinois went on to shut its doors permanently due to the aftermath of the 2021 ransomware attack. Although, the cybercriminals have gone on to target hospitals of all sizes, it is worth noting that certain ransomware groups stress smaller hospitals due to their much weaker defences.
As per Hummel from Netscout’s, the institutions are being targeted by a range of cybersecurity threats, like supply chain attacks, ransomware as well as social engineering. Moreover, hacktivists that happen to be involved in geopolitical issues happen to be leveraging the DDoS attacks so as to put pressure on the healthcare sector in order to create chaos as well as force political change. There is a 14% rise in healthcare targeting, which has been witnessed.
It is well to be noted that the healthcare industry reported one of the most expensive breaches in 2023, which averaged almost $10.93 million per incident, almost double the expenditure in the financial sector. The safeguarding of these digital assets happens to be paramount so as to preserve integrity, confidentiality, and availability when it comes to patient information.
This interconnected nature pertaining to the modern healthcare system means that one breach in a particular area can go on to compromise the complete infrastructure, thereby posing a direct challenge to the safety of the patients. In order to maintain operational progress and safeguard failures, the throttling of cyber resilience is indeed the key.
Cybersecurity investment within healthcare falls behind as compared to other sectors. The cost of breach data report from IBM says that the healthcare industry goes on to allot just 6 to 10% of its entire IT budget for cybersecurity, and in spite of the cost that’s rising, only 51% of the industries that were surveyed expect growth in cyber security spending post-breach, which is indeed a trend that’s all the more concerning.
It is well to be noted that cybersecurity incidents across the middle east have risen to record an average cost of $8.07 million per data breach which quite a notable increase from $7.46 million in 2022. The figure, in a way, stands much higher as compared to the global average of $4.45 million per incident, thereby positioning the region as the second highest region in terms of data breach costs, only trailing behind the US. As per Sameer Chauhan, the United Nations International Computing Centre director, UNICC happens to stand on the frontlines, safeguarding the UN family against cyberattacks that are much more sophisticated. Apparently, there are many nations across the Middle East that have gone on to execute updates to their data protection laws so as to put into force stringent security measures on user data. Moreover, the UAE Central Bank has gone on to recently establish a center pertaining to networking and cyber security operations in order to address vulnerabilities as well as threats to security. In the same way, the Saudi Central Bank has also come up with issuing a complete cybersecurity framework that is aimed at protection, compliance, and other various elements for financial institutions.
The rise of smart as well as interconnected medical services goes on to represent a pathbreaking shift in healthcare, thereby offering advantages such as real-time health tracking, customized treatment choices, and elevated medical accessibility.
But this kind of escalated connectivity also goes on to amplify the cyber threat risk, highlighting the requirement for strong protection measures in order to safeguard crucial healthcare services. Taking into consideration these kinds of issues, the US FDA issued its guidelines in September 2023 for cybersecurity in terms of medical devices, thereby elaborating on the significance of executing security measures that are robust right from the initial phase to the rollout. The fact is that cyberattacks on healthcare systems can impact the safety of patients in a direct way, as it is seen in cases where hospitals were not able to give out timely care because of compromised IT systems. Taking note of such susceptibilities is indeed necessary in order to safeguard both human lives as well as digital assets.
