As technology rapidly advances, the debate around cybersecurity rages on. From cyber attacks launched by individuals to cyber warfare sanctioned by enemy states, all major industries are at risk. The health sector is no different. In fact, attacks increased during the pandemic and a cybersecurity incident affected 67% of healthcare providers in 2020. An IBM report found that a data breach in the health sector could cost $7.13million and it may take as long as 329 days to identify and contain. People need good health to flourish and the sector is a fundamental part of our society, economy and development. This makes it essential that we understand and prevent cyber risks to protect our vital services.
Why is cybersecurity an issue in healthcare?
Right now, the NHS is suffering from a cyber attack. Patient data is at risk, staff can’t access notes and crucial IT systems are down. Most famously, the WannaCry outbreak in 2017 affected hospitals, GP services and primary care organisations all over the UK. Why? Cybercriminals seek to gain monetarily from gathering confidential data. More sinisterly, malicious parties may also want to prevent health services from functioning to damage a country and cause national crises.
What is the biggest threat to security of healthcare?
Our working world, including the health sector, has undergone dramatic changes. With more people working from home, more people are accessing sensitive data from their homes. Downloading this data on mobile phones, other devices and on personal broadband networks is often less secure – leaving organisations susceptible to cyber attack. Using unsecure medical equipment acts an easy target and unsophisticated or outdated computer software is more prone to attack. Without specialised security software, adequate policies and training for staff on best practices, organisations are at risk.
What are the most common cyber attacks in healthcare?
- Phishing scams
- Data breaches
- Malware
Phishing scams
Phishing scams are seemingly innocuous and convincing messages or emails that contain a malicious link. Once clinked, users are prompted to enter personal details and security information that hackers can use to access healthcare systems. Using security software may block the majority of these emails while educating colleagues on phishing can increase vigilance.
Data breaches
Health sector organisations gather and hold sensitive data that they must protect and adequately secure. A data breach occurs when information is obtained from a system without authorisation. Deliberate hacking is the most likely cyber attack. However, data may be stolen from a third-party system, leaked by an inside source, gathered from stolen cards and devices or unintentionally disclosed. Poorly storing vulnerable data leaves gaps for hackers to exploit but the introduction of strict GDPR practices has helped to reduce this.
Malware
Malware is designed to cause damage to a targeted system. There are various types – viruses infect a computer, adware displays unwanted popups to the user while spyware allow cybercriminals to monitor private activity. One of the top cybersecurity threats in healthcare is ransomware. This form of malware blocks an individual user or whole organisation from accessing files. In healthcare, these files could contain private communications, patient data and key security information. Those responsible for the malware encrypt the files and demand a ransom payment, often cryptocurrency, in return for a decryption key.
How do cyber attacks affect healthcare?
Healthcare is a vital element to a functioning, healthy and safe society. If a healthcare organisation is targeted by cyber attack, it can cause fast-acting and dangerous consequences.
Data theft
If data is illegally obtained during a cyber attack, staff, patients and their families can be targeted. Their data may be leaked, sold on, or worse, it could be used to falsify documents and commit crime.
Disruption to services
After the pandemic, we’re acutely aware of the pressure our health service is under. It’s a fast-paced industry with advanced technology and interconnected systems that cannot withstand downtime. A cyber attack could cause partial or total disruption which would prevent clinicians from providing vital care to their patients. This can result in poor health outcomes, loss of life and widespread panic.
Financial losses
If healthcare providers succumb to ransomware, they may have to pay to re-access to the encrypted files. If services are blocked or disrupted by malware, this results in significant financial cost through wasted time and resources. Those affected by data breaches may also seek legal action and financial compensation from the organisation.
Reputation damage
If healthcare providers cannot safely store our data, their reputation is damaged. Patients will lose confidence and trust as they worry about the organisation’s ability to securely store their information.