The healthcare industry is constantly evolving as it adopts new technology to improve patient care. While advances in technology enable the creation and provision of advanced life-critical treatments, they also create potentially dangerous vulnerabilities that cyber criminals have learned to exploit. Healthcare cybersecurity continues to face data breaches, ransomware, and distributed denial-of-service (DDoS) attacks, which make it harder for organizations in the industry to provide care for patients.
How Does Cybersecurity Affect Healthcare?
Healthcare's vulnerability to cyber attack is partially rooted in the amount of information it holds that can translate into high dollar value for cyber thieves, including sensitive health data, payment information, intellectual property, and personal identification data.
WannaCry Ransomware Attack
A frightening example of the serious impact of ransomware on healthcare was the May 2017 WannaCry attack, which affected healthcare technology in 150 countries. The ransomware caused a mass disruption to the healthcare industry, resulting in diverted ambulances and canceled surgeries. Recovery from the WannaCry incident is ongoing, with a price tag of almost $4 billion, which is just shy of the $4.9 billion total mitigation cost of all 2020 ransomware incidents combined.
Can Cybersecurity Cost People Their Lives?
While cyber crime is not unique to the healthcare sector, most other industries do not suffer the same consequences following a cyber attack. A ransomware scheme may result in a privacy breach, financial loss, and a potential public relations nightmare for a credit card company, but a similar attack can lead to loss of life when it occurs at a hospital. Ransomware can hold medical records hostage or block access to critical medical devices, hindering the ability to provide needed care to patients. If a hacker gains access to personal patient information, the data can be permanently lost or altered, resulting in serious ramifications for patient outcomes.
First Confirmed Death From a Cyberattack
In September 2020, a ransomware cyberattack in Germany crashed computer systems at University Hospital, forcing the institution to re-route emergency patients to other hospitals. A woman with a critical medical condition was turned away and died while traveling 20 miles to the next closest facility.
What Is the Current Risk?
Healthcare organizations are increasingly agreeing to pay ransoms to cybercriminals, despite the FBI’s insistence that this is bad practice. The rising likelihood of receiving a payout has made criminals bolder, and their financial demands have increased by millions as a result. The heightened reliance on technology during the pandemic, along with the increased number of hospital patients and the historic level of importance assigned to medical care, further encouraged criminals to seize the opportunity for profit. Combined with the traditionally low priority placed on cybersecurity, these factors keep the risk of loss from cybercrime in the healthcare sector high.