The FBI has recently warned of a spate of cyberattacks and data extortion efforts by the Hive ransomware group, particularly focusing on the health and public health sectors. Hive actors have successfully exploited more than 1,300 companies globally, just this year, receiving approximately $100 million in ransom pay-out.
Comparitech recently released some related research looking at the true cost of ransomware on healthcare organisations over the past 4 years. It highlights how the ransomware pandemic is only getting worse, and how threat-actors have targeted healthcare organisations specifically, aware of the fact that any downtime could cost lives (in the worst-case scenario.) The research showed that:
- The majority of attacks aimed to stop processes, interrupt services and cause disruption as opposed to stealing data.
- 330 individual ransomware attacks were conducted on government organisations, with 2019 seeing the highest number (35 % of all attacks)
- 523,942 individuals records were affected between 2018 and 2022.
- Ransomware amounds varied from $1,000 to $5.3 million
- Hackers received $5 million in payments from 27 of 72 cases.
- On average, government organisations lost 17 days to downtime.
- The overall cost of these attacks was estimated to be $70.4 billion.
These stats underline the urgency of implementing sufficient security measures to protect the business and patients. It’s no longer a matter of ‘if’ an organisation will be attacked but a ‘when’.
The post pandemic world has seen regulatory changes that have enabled more virtual and remote care programs to continue, which are leading to more distributed environments with more devices that are at risk. In tandem, healthcare IT is being tasked to address many of the same challenges facing healthcare – high costs, staffing shortages, aging populations. Therefore, healthcare organisations are confronted with not only staffing clinical roles, but IT roles as well. Expectations are higher than ever for IT, but harder to recruit and retain the talent to implement and secure, a more distributed connected environment – and the bad actors are fully aware and exploiting the situation, as evidenced by the Comparitech research.
There’s little doubt that connected care is the future but there are potential threats that exist within every connected device – the elevator controls, the security cameras, the HVA and the medical devices. A consolidated view is essential to protect these devices, which gives an overview of where they are, what they’re doing, and what updates are needed to keep intruders at bay. Our own research of NHS Trusts in England showed that 41% of Trusts that responded to a Freedom of Information request noted that they did not have a real-time risk register of all assets connected to their networks, further highlighting the scale of the problem.
And while big tech and big retail are making large investments to disrupt the healthcare industry, revenue-challenged healthcare organizations need to find ways to meet the levels of IT security investments seen in other industries in order to keep up with patient and regulatory demands.
The stakes for the healthcare industry when it comes to security are high and growing, as reflected by this study. In addition to costs, it’s also important to understand what’s driving the increase in risk. One source in particular, the widespread adoption of digitalization, represents the biggest driver of risk — it has accelerated the rate of cybersecurity threats within the healthcare industry. Digital value-added capabilities have brought new and innovative opportunities for healthcare services, but at the same time, these initiatives have also expanded the attack surface. Personal and sensitive healthcare data must be shared across numerous modern healthcare apps to enable services, such as remote access to health records, online medication ordering, and appointment scheduling. Healthcare data is continuously being exchanged with patients, insurers, pharmacies, and other providers. All of these apps run on application programming interfaces (APIs) that trigger millions of API calls to operate, increasing cyber threats. Because attacks against APIs are different from typical application attacks, healthcare companies are not well protected against these new risks.