Why is the Healthcare Sector a Target for Cyber Attacks?

Blog contents
    Vector (58)

    Sign up to our newsletter

    Earlier this year, the NHS in the UK became a victim of cyber crime, when computers at hospitals and GPs surgeries around the country were among tens of thousands hit in almost 100 countries by malware that appeared to be using technology stolen from the National Security Agency in the US. The attack blocked access to any files on a PC until the demanded ransom is paid. This resulted in many hospitals having to cancel or delay treatment for patients.

    In fact, TrapX Labs, a division of TrapX Security, reported a 63% increase in cyber attacks on the healthcare industry for the period between January 1, 2016 and December 12.

    There are several key reasons that make hospitals and healthcare premises a target for criminal cyber attacks, these include:

    1. Longer shelf life of personal records – this covers personal details, medical records, insurance details etc. making these types of locations particularly attractive for identity theft
    2. When the above point is coupled with the fact that a medical record is worth 10 times more than a credit card number, the attractiveness increases
    3. Loss of IT systems in a hospital is a matter of life and death – this makes hospitals susceptible to blackmail. It’s one thing to close a business for one day; it’s entirely different to force a hospital shutdown.
    4. Compromising healthcare IT is often easier than in other sectors due to underinvestment in cyber protection and staff training
    5. Introduction of remote access systems and tools, such as telemedicine, remote patient monitoring etc.

    Typically, as an industry, there is a focus on two core aspects: Cyber Protection and Patient Safety, with the latter being the priority, largely because this is where most of the regulation sits, meaning technology vendors are obligated to ensure patient safety but are not necessarily encouraged to implement or update cyber security features.

    It is critical that the healthcare sector prioritises cyber protection and the safety of personal stored data, ensuring devices, systems and data is as secure as it can be. Many hospitals are already examining various ways to mitigate the risk of a cyber attack, with one method being to store personal patient information off-site in real time and create backup systems so that if a system is locked down or subject to ransomware, it can immediately switch to another backup system.

    Hospitals and healthcare facilities should also share information about attacks and other incidents, so that if one is hacked, other institutions know how to prevent it. We are all working towards the same goal; safer and more resilient facilities for our patients and staff.

    Read more about the Restrata approach to cyber security here or if you would like to discuss your requirements with a member of the team, please contact me directly

    Read our latest insights

    Feature image for the blog How situational awareness software is improving workforce safety by Justin Vaughan

    How situational awareness software is improving
    workforce safety 

    Every industrial organisation around the globe promises that the safety of its people and the environment are its...

    Feature image for the blog digital situational awareness by Simon Marwick

    What Incident and Risk Management can teach us
    about Collaboration

    Incident and risk management relies heavily on incident management plans, risk policies, and company-wide situational awareness.

    Feature image for the blog digital situational awareness by Justin Vaughan

    ​​How digital situational awareness tools are improving HSE manager insights

    HSE managers face an overwhelming raft of challenges to keep people, the environment, and assets safe. Whether energy…