Protecting the most vulnerable: Cybersecurity’s role in healthcare


Crippling cyberattacks against hospitals and healthcare institutions are on the rise. This year, there’s been a sharp uptick in cybergangs stealing confidential patient data by launching ransomware attacks. These ruthless attacks can take medical systems offline for weeks, resulting in thousands of cancelled appointments and surgeries and causing harm to patients. Doctors and nurses are also plunged into crises as they are suddenly locked out of online patient records and must resort to filing paperwork manually. Phone systems go down, while IT staff work tirelessly to bring services safely back online. The recovery can be long-lasting and brutal.

It doesn’t take long to see how ransomware can have a dangerous impact on the healthcare sector. The industry is being increasingly targeted because of the valuable data it holds. Qilin, the Russian-speaking cybergang behind the recent Synnovis attack, stole data and, following unsuccessful negotiations, listed it on the dark web. The gang demanded upward of $50 million from Synnovis in exchange for not releasing the data. But even if a cybergang is unsuccessful in receiving a ransom, a successful attack further grows its notoriety.

Richard Meeus

Security Technology and Strategy Director for Akamai's EMEA region.

Calculating the human cost

With criminals operating internationally, cybercrime is ultimately a business. The World Economic Forum has revealed that the cost of cybercrime could reach $10.5 trillion annually by 2025. Yet when bad actors specifically target healthcare institutions, it is patients who pay the price.

Hospitals and other healthcare organizations are very complex as they constantly store and process significant volumes of personal data. This personal data is fed into dozens of software models hosted by third-party companies, providing everything from electronic health records to staff shift schedules. Cyberattacks against third-party service providers that take medical services offline can impact a hospital’s internal systems and networks and those belonging to these third-party suppliers.

In the hours and days immediately following a ransomware attack, it’s common for companies who have software connected to the targeted organization to pull the plug on their services as they determine what areas have been affected. While a cyberattack against a business may disrupt services like payments and monitoring stock inventories, cyberattacks against the healthcare industry can deny patients lifesaving care and slash their trust in healthcare services.

Couple this with the healthcare industry seeing a significantly larger increase (162%) in cyberattacks than any other industry (the second highest rise came in media, leisure and entertainment, at 116%), and it’s clear that the human cost of cyberattacks is skyrocketing within healthcare organizations.

Blindspots in healthcare

Throughout the healthcare sector, organizations are reporting that budget constraints are the biggest barrier to cyber resilience. In the current climate, too many institutions are typically only able to act against cyberattacks on a reactive basis. But the truth is that reactive approaches hand the initiative to malicious actors and place healthcare establishments on the back foot.

Old healthcare IT systems also provide enticing entry points for cybercriminals. For example, organizations frequently rely on out-of-support operating systems such as Windows 7. In some cases, legacy systems can account for between 30 and 50 per cent of all IT services, leaving them open to vulnerabilities. Some of these systems may have been designed more than 20 years ago and simply haven’t stayed up to date with technological advancements due to the cost of maintenance or the replacement of software that was originally designed for a now outdated operating system.

An overnight overhaul to the latest operating system isn’t realistic, but there are immediate steps that organizations can take to manage their risk. One such example is network segmentation. This involves splitting the network into isolated sections. It allows an organization to ringfence the mission-critical aspects of its network and ensure that, even in a worst-case scenario, a minimum safe operational level is maintained.

Segmentation is vital to healthcare because it buys institutions the most precious resource of all: time. Segmented networks slow bad actors down. Essentially, it's the difference between giving hackers free rein and ensuring they are stopped and blocked at every juncture. While the most desirable outcome is to prevent cybercriminals from gaining entry altogether, it’s equally important to ensure that in instances of a successful attack, they are not given the red-carpet treatment to all corners of a network. The average time it takes to completely halt a ransomware attack in a well-segmented network is four times quicker than in a network that is not segmented. In healthcare, the speed of a successful response can quite literally be a matter of life and death.

Preparing for the future

IT and security teams are facing an uphill battle: it’s never been easier for amateur cybercriminals to launch attacks and cause disruption. That’s largely why we’re seeing a rise in attacks and hacktivism both in Europe and on a global scale.

The recent Synnovis attack underscores the importance of robust cybersecurity measures to prevent attacks in the first place, as relying on post-attack solutions is neither feasible nor desirable. It’s imperative that healthcare institutions are empowered to tighten up their defenses by addressing key vulnerabilities.

Alongside securing infrastructure, healthcare institutions must provide the tools for employees to work safely and securely. Organizations have a duty of care to protect their employees, and this extends to ensuring they can spot phishing attempts and cyber attacks in their early stages, and to blocking the user’s request if they do click on a malicious link. Training and refresher sessions must happen all year round. Attackers rely on and exploit complacency at the entry point.

Another clear step that every healthcare establishment can take is to implement the “assumed breach” approach. Unravelling attacks are intensely stressful situations, but panic mustn't set in. Operating under the assumed breach mentality helps to manage this. It’s an approach that ensures constant pragmatism and is a core tenet of Zero Trust, the network security strategy based on the philosophy that access is never granted unless it is explicitly deemed necessary. In the healthcare setting, organizations must operate under the ‘never trust, always verify’ strategy. This limits the lateral movement of a cybercriminal once they force access and also makes it easier to ensure compliance with micro perimeters around sensitive data.

As healthcare institutions are increasingly finding themselves in the crosshairs of cybergangs, cybersecurity must be treated as an operational necessity.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
