Health

(0) attackers < Back

Understanding the cyber threat:

Healthcare organizations are increasingly exposed to online attacks, threatening daily work and compromising confidential patient data. It has become apparent from the many attacks that have occurred in recent years that healthcare staff does not have the time or resources to minimally counter the attacks. The potential disruption caused by a complete overhaul of online security is simply too great for many organizations to even consider. Despite the willingness of governments to successfully limit the number of attacks on critical infrastructure, new threats continue to be discovered every day. The high demand for patient information and often outdated systems are among the many reasons why the healthcare sector is now the main target for online attacks.

Since 2019, the healthcare sector has seen a shift from breaches caused by internal actors to primarily external actors. It brings this vertical in line with the long-term trend seen by other industries. While one of the primary concerns in the healthcare industry remains miscellaneous errors, with delivery mistakes being the most common incident (36% of human error), these are not intentional in nature. As a matter of fact, malicious insider breaches have not been among the top three trends in the healthcare industry for several years.

 

While basic human error continues to plague the healthcare industry, organized cybercriminal groups with a financial motivation continue to target it, with ransomware deployment a preferred tactic.

​• Ransomware attacks have hit 34% of healthcare organizations in 2021 1

 

• The Secretary of U.S. Department of Health and Human Services (HHS) Breach of Unsecured Protected Health Information lists 592 breaches of unsecured protected health information affecting 500 or more individuals that are currently under investigation by the Office for Civil Rights. 306 of the breaches were submitted in 2020 alone.

 

• From 2017 to 2020, more than 93 percent of healthcare organizations have experienced a data breach and 57 percent have had more than five data breaches during the same time frame.

 

• The average bill to recover from a ransomware attack was $1.27 million in 2021, the lowest of any industry over the year.

 

• Data compromised: Personal (66%), Medical (55%), Credentials (32%), Other (20%), (breaches)

 

• Actors motivations: Financial (91%), Fun (5%), Espionage (4%), Grudge (1%) (breaches)

 

​Between 2020 and 2021, France recorded 27 major cyberattacks on healthcare institutions. February 2021 was the most impactful month for attacks on hospitals.

Likewise, UHS (Universal Health Services), which has 3.5 million patients in 400 US and UK facilities, has faced major cyber attacks: cybercriminals have used Ryuk. This ransomware has recently been used in numerous attacks on healthcare systems around the world. The sector’s attractiveness to cyber criminals stems from the information held by hospitals, namely PII (personally identifiable information, medical records and payment information.

• Increased mortality rate

 

• More complications from medical procedures

 

•Delays in procedures and tests that resulted in poor outcomes

 

• Retake of patients transferred or diverted to other facilities

 

• Longer stays

 

• Significant financial impact due to cyber attacks: by the end of 2020, security breaches cost $6 trillion dollars for healthcare companies

The global containment situation is thus indirectly introducing, by virtue of its exceptional nature in all areas of everyday life, a great deal of excitement in the world of cyber security. This feverishness has been identified by the cyber threat ecosystem. This has been particularly noticeable with many institutions in the health sector falling victim to numerous groups of attackers:

 

  • Hackers managed to penetrate the system of one of the largest test centres of Covid-19 in Antwerp, Belgium. While its network was still offline on Tuesday, the laboratory refused to pay the ransom and filed a complaint.

 

  • The European Medicines Agency (EMA), which is responsible for reviewing the dossiers of candidate vaccines, was hit by a cyber attack. Scientific data on the Pfizer-BioNTech vaccine, the first treatment on the market, was accessed by the criminals.

 

  •  On 15 September, the Paris Hospitals (AP-HP) reported that the personal data of 1.4 million people who had undergone Covid screening tests in the Ile-de-France region in mid-2020 had been stolen during the summer. E-mail, telephone number, address, social security number and test results were found in the wild and on dark web sites.

In order to improve efficiency and performance, many hospitals are equipped with connected devices (15 to 20 in one hospital room on average). Some of them, such as ultrasound scanners and physiological monitors, are connected to both the Internet and the hospital’s computer network, thus providing an entry point for an attacker. Internet of Things devices have many intrinsic vulnerabilities, are rarely protected by antivirus software and are not regularly updated, which explain why they