We’ve been talking about robotic surgeries, cutting-edge AI-enabled technology, and digital consultations and appointments to improve patient care. But where is the imperative in such healthcare systems to ensure that patient data are protected?
Recent incidents have proven that healthcare is a favourite target of hackers, for both ransomware and malware. Take the Ramsay Générale de Santé and Eurofins ransomware attacks in 2019, Babylon’s GP video appointment app data breach in 2020 and, most recently, the data breach at Fullerton’s vendor Agape Connecting People Holdings. What have we learned from such attacks?
Well, they can be costly. The Eurofins ransomware attack, for example, cost the company €64m in H1 2019 revenues (3%) and €52m in EBITDA (14%). At the time it said: “the exact revenues and profits that were lost during the month of June will unfortunately never be known.”
The infamous WannaCry ransomware attack on NHS systems in 2019 cost the NHS over £100m to restore services, not forgetting the 19,000 appointments it had to reschedule.
Ransomware attacks cost healthcare organisations $20.8bn in downtime in 2020, says a report cited by CynergisTek. That’s double the amount they cost in 2019. An IBM report states that data breaches in the healthcare industry cost an average of $9.23m.
Security issues also carry huge reputational risk. German telehealth company Ada lost a large contract with statutory insurance company Techniker Krankenkasse (TK) in 2019 after concerns about how its data leaked to third parties including Facebook, although this was not caused by a cyberattack.
What have we learned from the most recent one that affected Fullerton’s patient data? Interestingly, The Straits Times said 400k customer records were put up for sale on a hacking forum for US$600 in Bitcoin. Third-party vendors can be a weak point in cybersecurity: they add weak links to the value chain, and attackers are constantly scanning for such links to cause damage.
But what really makes healthcare a target for hackers? Healthcare is a critical industry, so it cannot be offline for long periods of time, and sometimes it is forced to pay hefty ransoms rather than suffer disruptions. The other reason: healthcare IT relies on legacy systems and is geographically dispersed, which multiplies opportunities for cyberattacks.
A survey last year of 269 European healthcare CxOs by Siemens Healthineers found that most providers thought that their cybersecurity measures were above the regional average. The increasing scope, quality and intensity of attacks across the whole supply chain means that many can’t afford to be so sure of their own systems.