April 7 is World Health Day and also marks the founding of the United Nations World Health Organization (WHO) in 1948. The purpose of the WHO and World Health Day is to draw attention to health and wellness issues around the world. To achieve this, long-lasting medical initiatives aimed at expanding care options and finding efficiencies in healthcare will require even closer healthcare and cyber interconnectivity. Existing trends such as reliance on telehealth, user-driven medical, fitness, and nutritional data, and fully digital patient records will make healthcare data more accessible and faster than ever. The counterpart of these advances is a larger cyberattack surface.
Access to confidential information, resIntelligent healthcare services are paramount, and cybersecurity will be critical to meeting the demand for threat protection while maintaining near-complete data availability. Unfortunately, data suggests that healthcare-related organizations are prime targets for would-be cyberattackers, and the costs of successful attacks are rising. A study conducted by the European Union Agency for Cybersecurity (ENISA) analyzed cyber threats from April 2020 to July 2021 and found that the medical and healthcare industry was the fourth most attacked industry among the twenty surveyed (The only groups targeted more frequently were the public/government, digital service providers, and the general public). And according to IBM’s 2021 Cost of a Data Breach Report, the healthcare industry for the past 11 years has had the dubious distinction of suffering the highest data breach costs; the average cost of a data breach for a healthcare organization grew 29%, from $7.13 million in 2020 to $9.23 million in 2021. While not exhaustive, the infographic below gives an idea of how widespread, both geographically and organizationally, healthcare-related cyberthreats have spread. been for the last year or so.
Ensuring the digital security of the networks, data, staff, and patients that make up healthcare networks will be more critical than ever in the years to come. Cyber resilience – the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources – will increasingly be a factor in determining whether patients receive or no timely attention, and in confidential health, the data will be protected. This World Health Day, it is clearer than ever that protecting medical networks and the data they contain is a necessary part of ensuring quality healthcare.
This map shows a sample of the many health-related cyber incidents that took place from the end of 2020 to the present.
- Belgium, December 2020: The largest private laboratory processing Covid-19 tests in Belgium is the victim of a ransomware attack.
- Ireland, May 2021: Ireland’s Health Service Executive (HSE) suffered a massive attack that brought services to a standstill.
- Alaska, USA, May 2021 – Attackers breach the Alaska Department of Health, forcing the Department to take systems offline for weeks during recovery efforts.
- Italy, August 2021: The online covid-19 vaccine registration portal for the Lazio region of Italy is attacked by criminals.
- New Zealand, May 2021 – In what was described as “probably the biggest cyber-attack in New Zealand history”, the networks of the Waikato District Board of Health were knocked offline for weeks as staff resorted to pen and paper to Manage patient case data.
- Ohio, USA, May 2021 – Between May and July, hackers breached the data of a DNA testing company that compromised the personal data of more than two million people.
- Georgia, USA, June 2021 – St. Joseph’s/Chandler hospital system suffers a ransomware attack in which the health information of 1.4 million patients was potentially compromised. The attackers gained access to hospital networks six months before the ransomware lawsuit.
- Ohio, USA, August 2021 – Memorial Health System acknowledged that it reached a “negotiated settlement” after an attack that forced the hospital to divert patients and compromised the healthcare data of more than 200,000 people.
- Australia, October 2021 – Macquarie Health, a system that runs 12 hospitals in eastern Australia, was the victim of a cyber attack. While the attack reportedly did not disrupt support services, several thousand sensitive documents were posted on the Dark Web shortly after the attack.
- Brazil, December 2021: The newly observed threat group Lapsus$ claims to have attacked the Brazilian Ministry of Health, forcing the Ministry’s websites to go offline and leading to the exfiltration of covid tracking data. This attack was followed by a separate attack less than a week later.
- Scotland, March 2022 – A mental health charity was attacked by RansomEXX, demanding a ransom. The charity refused to pay a ransom and some of its data was leaked online.
About EclecticIQ Threat Research
EclecticIQ is a global provider of threat intelligence, search and response technology and services. Headquartered in Amsterdam, EclecticIQ’s threat research team is comprised of experts from Europe and the US with decades of cybersecurity and intelligence experience in industry and government.
We would love to hear from you. Send us your feedback by sending us an email at [email protected].
*** This is a syndicated Security Bloggers Network blog from EclecticIQ Blog written by the EclecticIQ threat research team. Read the original post at: https://blog.eclecticiq.com/cyber-resilience-and-data-confidentiality-are-emerging-components-of-healthcare