Hackers are using healthcare organisations as a breeding ground for data theft
As technology grows and advances, so too does cybercrime. Hacking, malware and data theft impact businesses and organisations across all industries, including those operating within the healthcare sector.
One of the most devastating examples of this occurred in 2017, when the National Health Service became a high-profile victim of the infamous WannaCry ransomware. This crypto-worm targeted systems running outdated Microsoft Windows operating systems, and infected around 70,000 NHS devices including MRI scanners, blood storage fridges and theatre equipment.
Needless to say, the results were devastating. The final cost to the NHS was upwards of £92 million. But this is just one example of cybercriminals targeting health organisations. The reality is that health organisations need to be aware of just how great a threat cybercrime poses in order to protect themselves from it.
Healthcare cyberattacks are on the rise
The 2020 Verizon Data Breach Investigations Report makes for sobering reading when it comes to cybercrime and healthcare. In the last year, data breaches within the healthcare sector have risen by 58%, with a total of 521 confirmed breaches.
Not only that, but these threats came from external (51%) and internal (49%) sources in almost equal measure. This means that the healthcare sector has the highest percentage of internal threat actors.
All of this displays how healthcare cyberattacks are rising in record numbers. From sensitive patient data to the use of outdated technology, there are several reasons why this is the case.
Hackers are looking for valuable patient data
Patient records are a necessary asset to all healthcare organisations, but they also represent a huge source of sensitive medical data that creates an exciting opportunity for cybercriminals. Hackers can profit from compromising confidential medical records, which are often sought on the black market. One famous example of this occurred in 2017, when a plastic surgery clinic in London suffered an extensive data breach. The details of surgeries of high-profile clients later ended up on the black market.
Legislation such as GDPR has put the pressure on organisations to protect the personal data of their customers, clients and patients. However, many healthcare establishments still fall behind when it comes to cybersecurity.
Healthcare is an easy target
Like all industries, healthcare has become much more digitally focused in recent years. This has improved communication, productivity and accessibility, but the adoption of more internet-connected devices has also created a larger attack surface for hackers.
Nowadays, the likes of X-ray machines, surgical robot devices and heart rate monitors are all connected to a network, creating a medical ecosystem which hackers can utilise. Often, by hacking one device, cybercriminals are able to move freely around the network.
On top of this, outdated technology and software are commonplace within healthcare organisations. It is not uncommon for hospitals to lack the funding for state-of-the-art equipment, which only serves to make them an even easier target for hackers.
Understanding cybercrime is key to avoiding it
While cyberattacks can appear to be random phenomena on the surface, the reality is that most hackers will only target the easiest victims. That’s why education surrounding cybersecurity is so important.
The Verizon report highlights phishing as one of the most common sources of healthcare cyberattacks. This occurs when unsuspecting victims are tricked into providing sensitive information to a seemingly reputable source.
Improving understanding and education around cybercrime can help those within the healthcare industry recognise potential threats when they see them, ultimately improving the safety of the organisation as a whole.
The healthcare sector has undoubtedly become one of the most appealing targets for cybercrime, presenting cyber security consultants with a significant and ongoing challenge.