Why is the Healthcare Sector Vulnerable to Cyber Attacks?

With new cyber threats being uncovered every day, it’s often difficult for organisations to know where to invest their budget. It is especially difficult for the healthcare sector to mitigate threats when resources are already stretched thin. Staff also have long and busy days and not enough time to put into educating themselves about cyber risks. Unfortunately, the added stress of the current pandemic only serves to heighten the strain on the healthcare industry, not only health wise but security based as well. 

 Three Reasons Why Healthcare is a High Profile Target 

1. Confidential Data: Hospitals store incredible amounts of confidential data that’s worth a lot of money to hackers who can easily sell it to a third party. Often outdated systems used in healthcare facilities also make it easy for someone who knows what they’re doing to breach a system. These are among the many reasons healthcare has become the biggest target for online attacks.  

Since the start of the COVID-19 pandemic, ransomware attacks have soared across all industries, with the healthcare sector being victim to a disproportionate amount of such attacks. Hackers are likely going for the healthcare sector because they know hospitals are likely to pay ransom demands, desperate to get their data back. It is estimated that there is a 75.6% chance of a breach of at least five million records in the next year alone. 

2. Medical Devices: Medical devices are an easy entry point for threat actors, with one purpose in mind such as dispensing drugs or monitoring heart rates, they are not designed with security in mind. Although medical devices themselves do not store patient data, which is ultimately what attackers pursue, they can be used to launch attacks on servers that do hold valuable information. The worst-case scenario pertaining to an attack on a medical device would be a complete takeover by hackers, preventing hospitals from administering life-saving treatment. 

Although hackers know that medical devices don’t contain patient data, they see them as an easy target. They lack the security found on devices like laptops and computers and can provide an entry point for accessing a network, thus allowing them to install malware that can be used to launch all manner of attacks. Keeping network devices secure can help limit the damage that could be caused by an attack on medical devices. 

3. Remote Accessing of Data: Collaboration is key for functionality in the healthcare industry, with different units working together to provide the best care for patients. Those who need to access information aren’t always in one place - often working remotely and from different devices. 

Connecting to a network remotely is risky, not all devices are secure and often healthcare staff are not educated in the best cyber security practices. These factors open up more opportunities for attack. Compromised devices mustn’t gain access to healthcare networks. Even just one hacked device can leave an entire organisation at risk. One option for staff across several locations is risk-based authentication (RBA). This makes risk analysis simple by letting IT staff set up policies that determine the risk of any device based on factors such as the user, their location and so on. Any suspicious activity is flagged up to make sure that patient data is never exposed to unsafe devices. 

Common Threats 

Ransomware: Unsurprisingly, the most common cyber threat to the healthcare industry is ransomware. Encrypting important data and demanding a lump sum of money in exchange for the decryption key is a sure-fire way for cybercriminals to get what they are after. For an industry such as healthcare, data theft is something that they can’t afford; they are more likely to pay the ransom because they are desperate to get their data back. However paying the ransom is never the recommended course of action as there is no guarantee that the data will be restored. It is estimated that the average sum demanded from healthcare institutions is a little over £99,000 (almost $131,000) 

Insider Threats: According to Verizon’s 2021 investigation into Data Breaches, insiders are thought to be responsible for 22% of security issues, and employees exploiting their access credentials are a disturbingly common occurrence in the healthcare industry. Malicious insiders typically commit these acts for financial gain 64% of the time and 17% simply do it for their own amusement. 

DDoS Attacks: Healthcare providers have been the primary target of DDoS attacks since the beginning of the pandemic, with these difficult to detect attacks that can occur from practically anywhere and from multiple sources they often appear to victims as just some internal technological issue. This makes DDoS an apt choice for hackers, who can fly under the radar and do all sorts of damage long before an unsuspecting victim finds out. This can cause a delay of services for patients but luckily DDoS attacks do not meddle with data. In January 2021 over 1,800 attacks occurred but then the numbers continued to decline in the two months following. However, it is still important to secure networks despite lower figures. 

How to Limit Attacks 

The healthcare sector has many priorities higher up on its list than cyber security so oftentimes it’s lacking, leaving valuable assets vulnerable in favour of focusing efforts on physical well being. Since the transition to remote working, cybercriminals have been taking advantage of unsecured devices used by healthcare staff. 

• Understanding Valuable Assets: Identifying the most valuable assets and securing the most salient data should be the first priority for healthcare organisations. Creating backups should be the second, there is no guarantee that once data is secured that it will stay secure. Always have a way to get data back should it be lost 
• System Patching/Updates: A threat report from 2020 revealed that 83% of medical imaging devices run on unsupported or outdated operating systems, making hackers’ jobs easier. They can intercept medical data and images as well as modify or delete valuable information  
• Employee Awareness: A key to securing healthcare institutions is to train all personnel in the essentials of cyber security. Educating employees on how to be vigilant and calculate risks will help organisations avoid breaches. Human error is more common than anyone would care to admit 

Sadly, no industry has been more affected by cybercrime than healthcare. Each year millions of pounds are stolen or used to pay ransom demands and the figures continue to escalate. It is inconceivable to think that patients have been unable to receive the appropriate care in a medical facility because of a ransomware attack. Threats such as these can destroy an industry if precautionary measures are not taken. However with the right investments made data can be protected and attacks can be prevented. It is much easier to fend off an attack than recover from one.