Cybersecurity is absolutely imperative in healthcare. In a piece for Digital Health, Sagar Randhe from Global Market Insights, explores why cybersecurity could serve as an important tool for digital transformation.
Since the onset of the Covid-19 pandemic, advanced technologies have become critical solutions being leveraged by the healthcare industry to improve patient outcomes and save lives. Medical IoT, specifically, has gained monumental popularity, given its massive contribution to burgeoning trends like remote patient monitoring and DCT (Decentralized Clinical Trials). According to Forbes’ statistics, over 646 million IoT devices were in use across clinics, hospitals, and medical offices in 2020.
However, despite numerous benefits in terms of speed and efficiency demonstrated by the rise of technology, the shift to digital has unearthed several risks to healthcare cybersecurity in recent years, making companies as well as their patients vulnerable to targeted online attacks. Healthcare IoT devices, for instance, while advantageous in terms of operational efficiency and patient care, are increasingly being used as gateways by hackers, to gain access to sensitive patient data.
Global trends in cybersecurity threats and what is driving them
The “new normal” brought forth by the coronavirus crisis since it took hold in 2020 created economic upheavals at unprecedented levels, while simultaneously accelerating the transition into the digital era. Unfortunately, this shift, which involves a surge in work from home trends and widespread digitization of society has unearthed myriad opportunities for hackers, phishers, and other cybercriminals to prey on vulnerable targets online. From a rapid expansion of the cyberattack surface to an ever-increasing variety of cybercrime activities cropping up, several trends have become apparent in recent years, particularly in cybersecurity for healthcare.
However, the most common, and perhaps the deadliest threat among these of late is the rise of ransomware. During the Covid-19 crisis, ransomware, which has been in existence for nearly two decades, became the weapon of choice for many hackers, mostly for its ability to facilitate easier financial rewards. According to a Deep Instinct study, ransomware attacks grew by 435% in 2020 from 2019, cementing its position as a major cyber security issue.
This trend is being further exacerbated by the fact that cybercriminals are becoming more sophisticated and advanced in their exploits, through the use of technologies like machine learning and AI. Artificial intelligence has gradually been making its mark as a cybersecurity solution, counteracting attacks by identifying behavior patterns that indicate anomalies in operations. Yet artificial intelligence has become somewhat of a double-edged sword lately; as attackers become more cognizant of the technology’s benefits to cybersecurity, newer threats are coming to light that use technologies like AI and ML to dodge cybersecurity protocols.
Ransomware is emerging as a particularly alarming prospect for the healthcare cybersecurity industry, as AI-powered cyberthreats like RYUK become prominent. RYUK is a lateral-moving ransomware form that spreads rapidly once introduced into the system/network of an organization, after which it begins to encrypt specific files, based on information gathered through complex AI algorithms. This ransomware has become an especially deleterious cyber security issue in healthcare, having caused additional costs worth more than £50.8million ($67million) for the entire healthcare industry in 2021 alone.
In May 2021, the Department of Health and Health Service Executive (HSE) of Ireland fell prey to a deadly Conti ransomware attack that resulted in a nationwide shutdown of its IT systems. Before this, in February, two hospitals in France’s Villefranche-sur-Saône hospital complex faced a similar RYUK attack, which prompted the transfer of patients to other facilities.
These threats shed light on the inherent and evolving vulnerabilities in the European healthcare cybersecurity landscape, bringing forth an important question; why are medical organizations such an enticing target for cybercriminals?
One of the main reasons behind this is the ease largescale healthcare systems provide to hackers in moving across geographic sites once they have infiltrated a system. Healthcare facilities, especially in the modern era, are highly reliant on centralized networks that help them create a digital infrastructure and connect to medical devices and equipment embedded with IoT sensors. Using tactics as simple as phishing emails, hackers can gain access to these networks, work their way through the system and take control of sensitive and private data.