The number of cyber-attacks around the world exploded in 2020, as cybercriminals exploited the Covid-19 pandemic to take advantage of the shift in focus towards smart working and the transfer of hospital staff to the frontline.
Cyber-attacks emerged as an important risk in the healthcare sector several years ago, putting the safety of patients at risk. This paper looks at malware attacks targeting healthcare organisations in the U.S. in the period 2016-2017.
Abstract: Malware attacks against healthcare organisations in the United States started in 2016. During these malware incidents, hackers can lock users out of their own network to gain access to information or to hold the organisation to ransom. With the increase in medical technology and the need for access to this information to provide critical care, this type of incident has the potential to put patient lives and safety at risk.
Methods: A content analysis was conducted to assess the trend of attacks on healthcare organisations, using data from the U.S. Healthcare IT News and Becker’s Hospital Review to collect all publicly reported malware attacks against U.S. healthcare organisations between 2016 and 2017. A logic diagram was also developed to illustrate how hackers gain access to a healthcare network using malware.
Results: 49 cases of malware attacks against U.S. healthcare organisations (HCOs) were identified. The attacks occurred across 27 states and took place over 18 months. Six of the organisations reported paying ransom, whereas 43 organisations did not pay or did not report payment to the press. Impacts of these attacks range from network downtime to patient and staff records being breached.
Discussion: Malware attacks have the potential to impact care delivery as well as the healthcare facility itself. Even though this study identified 49 malware attacks, we know this number is significantly higher based on data from HIMSS and the FBI. A reporting loophole exists in that hospitals are only required to report attacks in the case of breached protected health or financial data. For HCOs to fully understand the risk cyberthreats pose, it is important for attacks to become public information and for lessons learned to be shared. Future research reviewing identified attacks could help identify best practices for the healthcare industry to better prepare for cyberattacks.
PANACEA Perspectives: This paper highlights the importance of tackling cybersecurity threats in healthcare, where sensitive patient data is at risk of misappropriation and where attacks also jeopardise the safety of patients and a hospital's ability to deliver care. It also highlights the need to share more information about cyber-attacks, which is also a top priority for EU cybersecurity policy.
Lookout Watch Entry Date: 07/08/2019