How cyberattacks are crippling healthcare infrastructure (..and what you can do about it)

A primer on the surge in cyberattacks on healthcare infrastructure during conflicts, emphasising the need for robust cybersecurity measures to protect patient data and ensure its functionality

The healthcare industry has been experiencing a surge in cyberattacks, with shocking statistics revealing that around 24% of all cyberattacks in 2019 were targeted towards the healthcare sector. Sadly, between 2014 and 2016, almost 90% of hospitals and clinics experienced at least one data breach, with 45% of them experiencing at least five. Furthermore, the number of healthcare-related data breaches reported annually in the United States has more than tripled over the past decade. However, it's worth noting that many data breaches occur without being officially reported as regulations mandate disclosure only for significant breaches involving 500 or more records.

International conflicts often involve cyberattacks that aim to disrupt the medical services of a target country, manipulate medical devices to harm citizens or obtain confidential information that can be used against the target. However, only a small portion of attacks, around 4%, involve espionage for gathering sensitive data. In some cases, attackers may also target healthcare systems for propaganda purposes. For instance, in 2017, ISIS hacked into the UK's National Health Service (NHS) website to share images from the Syrian civil war as part of its propaganda efforts. State-sponsored cyberattacks that cross international borders pose significant challenges as they are often difficult to trace and can go undetected for extended periods.

The healthcare industry is vulnerable to cybercrime due to its increasing reliance on technology and possession of critical data. Cyber attackers target healthcare organizations for financial gain or political motives. The shift to digital devices and cloud services has introduced new cybersecurity risks, and the security assessment of numerous devices poses a challenge for healthcare facilities.

Types of cyberattacks?

Cyber attackers may target hospitals on three distinct levels: primary, secondary, and tertiary. Primary-level infiltration involves an attack that directly affects a hospital's patients. Secondary-level infiltration indirectly impacts patients, without direct harm, and may reinforce primary-level incidents. Tertiary-level infiltration expands to target a hospital's infrastructure, including supply networks, electrical grids, or financial management.

The healthcare industry witnesses two types of theft: internal and external. Internal theft occurs when people within the medical community compromise the system, while external theft involves hackers stealing patient data for financial gain. Malware and phishing techniques are used to compromise entire systems, making it challenging to establish an effective data security system. Mobile and cloud technology adoption has amplified risks, with many healthcare organizations reporting compromises involving mobile devices. The proliferation of interconnected devices and sensors in the Internet of Medical Things (IoMT)has contributed to the surge in cyberattacks. Healthcare organizations must prioritize cybersecurity and adopt proactive measures to protect sensitive patient data. Cyber attackers can use drones to infiltrate health infrastructure from up to 10 meters away. This "Drone-in-the-Middle" attack involves de-authentication, an "evil twin" attack, and WiFi phishing to obtain healthcare providers' credentials and access hospital networks for malicious activities.

The gold mine : Commercialisation of healthcare data

The commercialisation of healthcare data is a growing concern, and cyberattacks on hospitals can lead to significant financial consequences. Sadly, 20% of such attacks result in financial harm. Healthcare is the industry that incurs the highest costs dealing with data breaches, averaging a staggering $7.13 million worldwide, compared to the global average of $3.86 million across all industries. This trend has remained unchanged for the past decade in the United States, and costs are becoming even more expensive, with a 10.5% rise in just two years. Cyberattacks have a significant financial impact on healthcare organizations, including emergency protocols, ransom payments, legal fees, PR expenses, system repair, financial losses, cancelled medical appointments, cybersecurity system alterations, fines, and more. Additionally, data breaches erode customer trust, making recovery particularly costly for the healthcare sector.

Healthcare data breaches are a significant concern, with 21% of all breaches involving the healthcare sector. Therefore, it's vital to prioritize cybersecurity measures to protect sensitive patient data and prevent cyberattacks that can have severe consequences for the healthcare industry. In addition to data loss, healthcare organizations also face operational disruptions when attacks occur. For example, the ransomware attack on the UK's National Health Service (NHS) in 2017 led to widespread disruptions, including cancelled patient appointments and operations.

Protections under international law

According to International Humanitarian Law (IHL), civilian objects are protected from attack, unless they are military objectives as defined in Article 52(2) of Additional Protocol I (AP I). Certain infrastructures are granted special protection, including medical facilities, installations containing dangerous forces, cultural objects, places of worship, and the natural environment. Medical personnel, whether part of military or civilian medical units and establishments, enjoy special protection under IHL. This protection is outlined in the Geneva Conventions (GC I, Articles 19, 20, and 35; GC II, Articles 22 and 29; GC IV, Article 18) for civilian infrastructures and in Article 12 of AP I. The definition of protected medical units and facilities can be found in Article 8 of AP I. International Humanitarian Law (IHL) applies to cyberspace, and it covers all forms of warfare and weapons. The UN has endorsed a report by the UN Group of Governmental Experts (GGE) highlighting the applicability of IHL in cyberspace. The report aims to establish a framework for responsible state behaviour in cyberspace, consisting of 11 norms aimed at reducing risks to international peace and security.

Cyberattacks on healthcare infrastructure and nation-states

The healthcare sector is increasingly targeted by cybercriminals. In May 2018, over 1,200 violent incidents were reported against hospitals and medical personnel across 16 countries, with hackers also targeting healthcare infrastructure. The WannaCry ransomware attack, attributed to the North Korean Lazarus Group, infected 200,000 computers globally, causing disruption to the NHS in the UK and costing ￡92 million.

Nation-state cyberattacks on critical infrastructure are increasing. Hospitals and medical facilities are vulnerable to attacks due to legacy systems and a wide attack surface. In 2020, Russian e-crime groups increased ransomware attacks against hospitals, with ransom demands reaching millions of dollars. In addition to vaccine disinformation, cyber operations directly targeted vaccine research and public vaccination efforts. These operations included "vaccine espionage" against research facilities and other institutions involved in vaccine development.

Healthcare workers in political environments face risks related to their data being targeted by state or non-state groups. Identifying individuals online and using that information against them could be employed to intimidate healthcare workers providing aid to opposition groups or those seen as opposition. Patient data sensitivity is a concern. Healthcare facility records may be accessed to identify targeted groups for persecution. This could affect individuals persecuted based on factors like LGBTQ+ identity, nationality, race, or sensitive medical information. Attacks on hospitals could lead to patient fatalities, highlighting vulnerabilities in the healthcare sector.

Actionable steps for impact entrepreneurs

The healthcare industry faces a growing threat: cyberattacks on critical infrastructure. These attacks can disrupt operations, compromise sensitive patient data, and even lead to patient harm. As an entrepreneur, one has a unique opportunity to play a vital role in safeguarding this essential sector. We suggest impact entrepreneurs begin with these four steps -

1. Prioritise robust cybersecurity practices: Hospitals are often overwhelmed with day-to-day operations, leaving cybersecurity vulnerabilities unaddressed. Entrepreneurs can offer innovative solutions that help healthcare facilities improve their cybersecurity posture. This could include developing user-friendly tools for staff training on cyber hygiene practices, creating automated systems for data encryption and backup, or providing vulnerability assessments tailored to the specific needs of hospitals.

2. Foster collaboration for collective defense: Cybersecurity is a complex challenge that requires a multi-pronged approach. Entrepreneurs can step in to facilitate collaboration between different healthcare stakeholders. Develop platforms that enable secure communication and information sharing between hospitals, health service operators, and government agencies. This collaboration will allow them to share best practices, identify emerging threats, and coordinate rapid responses to cyberattacks.

3. Bridge the tech gap with innovative solutions: Legacy systems and outdated technology create security vulnerabilities in healthcare facilities. Entrepreneurs can identify these gaps and develop innovative solutions. This could involve creating cloud-based healthcare platforms that are inherently more secure than on-premise systems, or developing secure mobile applications for patient communication and data management.

4. Partner with manufacturers and health IT professionals: The cybersecurity of healthcare systems depends on the security features built into medical devices and software. Entrepreneurs can collaborate with medical device manufacturers and health IT professionals to integrate robust security features from the outset. This could involve developing secure coding practices for medical devices or creating software with built-in data encryption capabilities.

The global healthcare industry is definitely under grave threat. Therefore, by prioritising cybersecurity, fostering collaboration, and developing innovative solutions, entrepreneurs can play a crucial role in safeguarding healthcare infrastructure and protecting patient data. The future of healthcare security depends on one’s ingenuity and commitment to action.

-

Do send this newsletter edition to someone you think might be interested in the healthcare sector and in impact entrepreneurship Subscribe to The LOCSTALK Newsletter to get fresh editions straight to your inbox!