With the scale and complexity of cybercrime increasing, and the fact that hospitals are moving toward digitalization and remote patient care, the number of cyberattacks on healthcare systems will continue to increase, says GlobalData, a leading data and analytics company.
Urte Jakimaviciute, MSc, Senior Director of Market Research at GlobalData, comments: “Since the emergence of electronic health records, hospitals have been labeled as an attractive target for cyberattacks due to the interconnectedness of hospital operations, multi-institutional data sharing, the lack of appropriate safety measures and outdated information technology infrastructure. Hackers will continue to target vulnerable systems as long as there are profits to be made: from selling the stolen patient’s data to holding the healthcare systems hostage until the criminals’ demands are met.”
In April 2017, a cyberattack of New York’s Erie County Medical Center (ECMC) brought down the hospital’s computer systems with hackers demanding nearly $30,000 worth of bitcoin as ransom, which the hospital refused to pay. The ECMC estimated that the expenses tied to the incident nearly totaled $10m. In May 2017, the WannaCry ransomware attack on the UK’s National Health Service (NHS) hospitals caused widespread disruption to health services, with more than one-third of NHS trusts affected. The cost of the attack to the NHS was estimated to be over $100m in disruption to services and IT upgrades.
Jakimaviciute continues: “Any attack similar to the ones that caused disruptions in ECMC or NHS in 2017 now could be catastrophic. The surge in COVID-19 cases has caught the healthcare systems unprepared, and an increase in working-from-home, telemedicine and virtual care has made the healthcare system very vulnerable to attacks.”
A recent cyberattack on the University Hospital of Brno, which has one of the country’s biggest COVID-19 testing labs, forced the facility to shut down its entire IT network. The incident was considered severe enough to cause the delays in surgical procedures and require staff to relocate some critical patients to other hospitals.
Jakimaviciute adds: “Hackers are able to quickly identify which hospitals are under a lot of pressure or do not have sustainable contingency plans to deal with such attacks, and they will take advantage of that. Currently, the healthcare organizations devote just a small fraction of their budgets to implement cybersecurity measures. Nevertheless, due to the COVID-19 outbreak, the uninterrupted functioning of health services becomes more important than ever meaning that everything related to IT security cannot be neglected. This includes not only investing in IT and cybersecurity systems but also setting up contingency plans and training the staff.
“It is essential for organizations to be prepared for system disruptions caused by cyberattacks and the need for these strong cybersecurity measures will remain even when the pandemic ends. Cyberattacks will continue to rise and evolve together with the expansion of technologies, bringing on an increased number of challenges and threats.”
