In recent years, healthcare has increasingly been targeted by hackers. This is favoured by the pandemic, during which hospitals and other medical facilities, which were the first front in the fight against COVID-19, have gained importance.
Data leaks, system blocking and file encryption along with high ransom demands are becoming more and more frequent, also in Poland. They can lead to paralysis of operation and enormous losses and put the lives and health of patients at risk.
Healthcare is one of the critical sectors of public services. The threat from cyber criminals increases with the development of digital technologies.
Attacks targeting critical infrastructure such as a hospital threaten the safety, performance, reputation and economy of hospital organisations by compromising patient privacy, research results and financial resources.
“There are two dimensions to the cybersecurity of hospitals and healthcare entities in general. Classically, this is primarily associated with the protection of information.
Data on diseases are sensitive and crucial in the information processing layer” explains Jędrzej Bieniasz, cybersecurity expert at the Department of Cybersecurity at the Institute of Telecommunications, Warsaw University of Technology.
The second dimension is business continuity – for example, will a machine that supports life continue to run smoothly and not be attacked. In this dimension, the possibilities of cyber attacks are observed, but for now we treat them a bit as possible scenarios, more as an issue that we have to think about.
More cyberattack incidents in recent months
Healthcare organisations have seen a significant increase in cyberattack incidents in recent months. During the COVID-19 pandemic, the European Union Agency for Cybersecurity (ENISA) observed a 47% increase in cyber attacks on hospitals and healthcare networks, and according to CheckPoint Research specialists, healthcare is currently in the fifth place among sectors exposed to hacker attacks.
According to the company’s latest report “2022 Cyber Security Report”, in 2021, attacks directed at hospitals and medical laboratories increased by as much as 71 percent worldwide. compared to the 2020 level. The average weekly number of attacks in the health sector in global terms is 830.
Experts from Check Point Research reported already in 2021 that at the end of last year, hackers attacked the health care system in one of the Canadian provinces, which was the most dangerous incident of this type in the history of the state. The business disruptions continued for several days.
Cyberattacks also happens in Poland
Cyberattacks also happen in Poland. For example, in February this year. The health care facility in Pajęczno fell victim to hackers who broke into the IT system and encrypted almost all files, demanding a ransom to unblock them.
A few days later, the information systems of the Polish Medical Air Rescue were attacked, including those used to send information on interventions. The hackers demanded about 1.5 million PLN in ransom.
“For cybercriminals, the most important thing is to get money as soon as possible. Hospitals have become a target in the last two years in the context of the pandemic, health needs and public concern for their own health.
This period made us realise how important these entities are in business continuity and social security” emphasises Jędrzej Bieniasz. “Attackers use this context to coerce hospital owners or decision makers to pay ransom quickly in the event of ransomware attacks.
In this way, the hospital wants to avoid downtime in operation, which would be dangerous to the life and health of patients, leakage of sensitive data, which can result in high penalties under the GDPR and loss of reputation.
Hackers can use such data, for example, to prepare other cyber attacks, for example, birthdays are often used by cyberspace users to create passwords for their systems. We can also talk about trading such information.
These are very niche activities, but we cannot ignore it in the risk analysis of such threats” says the expert of the Warsaw University of Technology.
As he emphasises, along with the increase in the number of attacks and awareness of threats, the better security of systems is also improving. This in turn means that hackers have to be more and more creative and look for new flaws.
However, one of the most serious threats to cybersecurity is still the carelessness of end users of systems and applications, e.g. hospital employees.
Like other Internet users, they are also exposed to attempts of extortion and burglary through, for example, emails of fraudsters pretending to be courier or energy companies, but in their case the consequences can be dangerous for the entire medical facility.
We need to be aware of cyber threats all the time, it is worth having some humility in this, and not be prepared that it does not apply to us” says Jędrzej Bieniasz.
“Being aware of what we protect and why, we can choose from many different means of protection, but the basis for sure is a good configuration of end users’ systems, i.e. disabling unnecessary applications, proper configuration of user accounts.
The second measure is access control to end systems and applications. Here, I would recommend using two-factor or multi-factor authentication. It is one such measure that has a low cost and very high added value for cybersecurity.
It is also worth mentioning the order in the systems in general, from the network point of view. We do not make available to the Internet what we do not need, and what we provide, we configure in the so-called with minimal applications and open ports, so that these systems cannot act as a gateway to cyber attackers.
This is obviously the backside of technology.