sb-eu logo
Story image

Shadow of ransomware looms over healthcare sector

14 May 2020

Many tech companies are mobilising around the world to assist the healthcare sector in its role as the first line of defence against COVID-19.

Some are using their 3D printing facilities to deliver PPE to hospitals; others are providing their remote working tools free of charge; some are using their technological endowment to help in the race for a vaccine.

Because of these acts, and because the worldwide pressure on healthcare systems demand it, hospitals are undergoing rapid digital transformation to better cope with the virus.

But as always, the closer organisations move to digitalisation, the higher their cybersecurity risk profile becomes.

And with the scale and complexity of cybercrime increasing, coupled with the move towards digital transformation and remote patient care, the number of cyberattacks on healthcare systems will continue to increase, says GlobalData, a data and analytics company.

“Since the emergence of electronic health records, hospitals have been labelled as an attractive target for cyberattacks due to the interconnectedness of hospital operations, multi-institutional data sharing, the lack of appropriate safety measures and outdated information technology infrastructure,” GlobalData senior director of market research Urte Jakimaviciute.

“Hackers will continue to target vulnerable systems as long as there are profits to be made: from selling the stolen patient’s data to holding the healthcare systems hostage until the criminals’ demands are met.”

A typical example of a ransomware attack on a hospital can be found in the April 2017 cyberattack of New York’s Erie County Medical Center (ECMC), which hijacked the facility’s computer systems with hackers demanding nearly $30,000 worth of bitcoin as ransom, which the hospital refused to pay. 

In the end, the ECMC estimated that US$10 million had been lost as a direct result of the attack.

Another attack in 2017 saw WannaCry launch a ransomware assault on the UK’s National Health Service (NHS) hospitals, causing widespread disruption to health services, with more than one-third of NHS trusts affected. 

With such a large number of facilities affected by the breach, the financial damage was huge - over US$100m was lost through disruption to services and IT upgrades.

“Any attack similar to the ones that caused disruptions in ECMC or NHS in 2017 now could be catastrophic,” says Jakimaviciute.

“The surge in COVID-19 cases has caught the healthcare systems unprepared, and an increase in working-from-home, telemedicine and virtual care has made the healthcare system very vulnerable to attacks.”

A recent cyberattack on the University Hospital of Brno, which has one of the country’s biggest COVID-19 testing labs, forced the facility to shut down its entire IT network. 

The incident was considered severe enough to cause the delays in surgical procedures and require staff to relocate some critical patients to other hospitals.

“Hackers are able to quickly identify which hospitals are under a lot of pressure or do not have sustainable contingency plans to deal with such attacks, and they will take advantage of that,” says Jakimaviciute.

“Currently the healthcare organisations devote just a small fraction of their budgets to implement cybersecurity measures. 

“Nevertheless, due to the COVID-19 outbreak the uninterrupted functioning of health services becomes more important than ever meaning that everything related to IT security cannot be neglected.”

Story image
New tech startup looks to help lawyers and finance pros
StructureFlow has launched to market, dubbing itself as a tech startup with the mission of helping lawyers and finance professionals visualise complex legal structures and transactions. More
Story image
Rise in cyberattacks targeting the cloud as use of collaboration tools increase
“While we are seeing a tremendous amount of courage and global goodwill to overcome the COVID-19 pandemic, we also are unfortunately seeing an increase in bad actors looking to exploit the sudden uptick in cloud adoption."More
Story image
CrowdStrike and ExtraHop partner up to bolster cloud threat detection
The companies say the partnership will marry network visibility, machine learning (ML) behavioural threat detection and decryption of SSL/TLS sessions.More
Story image
Digital heists: Attacks on financial institutions rise 238% in 3 months
The pandemic has created a perfect storm for financial cybercrime, with attackers taking advantage of every opportunity they get to target financial institutions.More
Story image
Months on, many organisations still don't have secure remote access - report
The report analyses the extent to which businesses were prepared for the sudden shift into remote working due to COVID-19 restrictions, and analyses how organisations have adjusted to support remote workers amidst the COVID-19 pandemic. More
Story image
Survey: poor backup planning can cripple online retail
New survey finds one in four retailers have permanently lost critical business data, damaging sales and revenue.More