Cyber attacks are one of the biggest threats facing healthcare systems

/in


An increase in cyber attacks on the healthcare sector is jeopardising patient safety, and prompting some governments to publish new cyber security standards.

Publicly disclosed global cyber security breaches between January and September last year showed that the healthcare sector suffered more attacks (241) than any other sector, ahead of government (147), and information technology including software, hardware and IT services (91), according to research by Omdia, a technology research provider.

The most common type of cyber breach in healthcare was hacking, followed by supply chain attacks, “phishing” (where cyber criminals pose as legitimate organisations to trick people into disclosing passwords and payment details), and “ransomware”, in which hackers use malicious software — “malware” — to encrypt data until the victim pays a ransom to unlock it.

“The healthcare sector is such a tempting target [for cyber security criminals] because . . . you can put lives at risk,” says James Lewis, a cyber security expert at the Center for Strategic and International Studies, a US think-tank.

The UK’s National Health Service has been hit by significant ransomware attacks. In 2017, the “WannaCry” attack is estimated to have cost the NHS £92mn and caused the cancellation of 19,000 patient appointments. Another hacking, in 2022, took down the non-emergency 111 service, and disrupted management systems for mental health services and emergency prescriptions.

Cyber attacks on hospitals in Germany and the US have also disabled their systems — forcing them to reschedule some procedures and temporarily divert patients to other facilities until the systems were brought back online.

And, in another case, in Finland, the confidential records of thousands of psychotherapy patients were hacked and leaked online — with others blackmailed to keep the data private, according to reports in the national media.

“Almost every hospital CEO I speak to . . . now [says] that cyber risk is their number one or number two enterprise risk issue,” says John Riggi, national adviser for cyber security and risk at the American Hospital Association (AHA), which…

Source…