The black market for medical data grows: a medical record sells for between 30 and 900 euros

One of the largest healthcare cyberattacks in history occurred in February of this year, 2024, and it highlighted the vulnerability of the health sector. Change Healthcare, a company that processes medical payments and prescriptions in the United States, suffered an attack by the Blackcat ransomware group, which prevented hospitals and medical centers from issuing prescriptions, receiving payments and performing other critical functions.

This case is one of many in the health sector, which has become one of the main targets of cybercriminals in recent years. According to a study on cybersecurity threats to health in the EU carried out by ENISA (European Union Agency for Cybersecurity), the European Union agency entrusted with ensuring a high common level of cybersecurity throughout Europe, this sector accounts for 8% of cybersecurity incidents. This places the health sector behind public administration (19%), but ahead of other sectors such as banking (6%), transportation (6%) or energy (4%).

Other reports, such as Sophos' report on the state of ransomware in healthcare in 2023, show that the rate of ransomware attacks in the healthcare sector was 60%. This figure reveals that these attacks have practically doubled compared to 2021, when 34% was reported.

The reason why the healthcare sector is a recurring target for cyberattacks is simple: hospitals and providers store critical and private patient information. In fact, healthcare providers are the most affected, accounting for 53% of total incidents. And, although hospitals rank lower, with 42% of reported cases, they are often more vulnerable.

This vulnerability is one of the factors that have increased cyberattacks, but it is neither the only one nor the most important. “Healthcare companies are more likely to pay a ransom when their information is compromised. Because there are lives that depend on it, because they operate in a highly regulated environment for data protection, because they risk a reputational loss and administrative sanctions… Criminals know it,” acknowledges Francisco Valencia, CEO of Secure&IT, a Spanish IT company specialized in cybersecurity.

Besides extortion, health information can be used for various illicit purposes, such as identity theft or sale on the black market. According to the report carried out by ENISA, a medical record can cost between 30 and 900 euros, while a credit card can be sold for between 1 and 5 euros.

“Medical data comprises confidential information related to the health of individuals, including personal data, medical records, results of diagnostic tests, medical procedures, prescribed medications and any other details that may be relevant to the diagnosis, treatment or monitoring of the health of a person. This data is highly sensitive and is protected by strict laws and regulations in most countries due to its private nature and its potential to be used in harmful ways if it falls into the wrong hands,” explains the CEO of Secure&IT.

These damages can occur, for example, if this medical information is leaked to the company where a certain patient works or to their insurer. “If you disclose health conditions that could be perceived as limiting, the patient could face discrimination or be subject to unfair employment decisions, such as layoffs, assignment of less desirable tasks, or denial of promotions. Furthermore, depending on the nature of the medical information disclosed, the patient could face financial difficulties, such as loss of health insurance, denial of coverage, or increased premiums due to pre-existing conditions,” the expert emphasizes.

Although the main objective of cyberattacks is the theft of sensitive data, such as medical records, financial information and other personal data, they can also affect the delivery of services and the quality of care that the patient receives. In fact, the consequences of a cyberattack in the healthcare sector can go beyond a simple data breach. They can be truly devastating. “This type of attack represents a real danger to the health of patients. Imagine a scenario where a hospital's IT systems are compromised, resulting in critical medical equipment being disabled or medication records being altered. The consequences could be catastrophic: delays in care, misdiagnoses and even the administration of incorrect treatments. Thus, we can affirm that the risks to the health of patients are real and potentially fatal,” says Francisco Valencia.

Denial of service (DDoS) attacks aim to overload an organization's computer systems with fake traffic, making them inaccessible to legitimate users. DDoS attacks can cause serious disruption to healthcare organizations.

Theft of patents or research data

Although healthcare providers and hospitals are the most affected, in the healthcare sector there are other entities such as health authorities and the pharmaceutical industry that have also been targeted. “There are other highly valued data groups: those of patents, industrial developments and research, and those of one's own hospital management,” warns Francisco Valencia. And he adds: “We are referring to the strategic data that makes a company competent and that has to do with the components of a vaccine or a certain medicine. On the other hand, there is the data on the people who provide assistance or the purchases made by the hospitals.”

Research data on drugs or health products may have a high value on the black market, either to be sold to competitors interested in gaining a competitive advantage or to extort pharmaceutical companies through blackmail. But it also leads to the manufacture of fake medicines, which are usually sold on the dark web. “They look for a group of people who have a specific pathology to sell them their miraculous solution. Many of these people will be desperate to find a solution to their pathology and sometimes they grasp at straws. Therefore, they are victims of fraud of this type,” says Francisco Valencia.

Factors that aggravate the problem in the health sector

The lack of resources, the complexity of computer systems and the lack of awareness among healthcare personnel aggravate this situation. According to benchmark studies, the main entry points for cyberattacks in the health sector include poor security configuration, human error in operation, social engineering attacks and supply chain attacks.

“Someone who is dedicated to the black market in health data is not going to abandon their efforts because we encrypt the data. This is always a war and, unfortunately, crime is one step ahead. So we always have to be up to date to reduce the risk as much as possible,” says Valencia. And he adds: “Furthermore, it happens that cybercriminals do not believe they are criminals, they think they're Robin Hood. Many attack because they understand that it is unfair that we have two-speed healthcare in the world.”

The first step, according to the expert, is to develop organizational measures. “We must answer the questions: who has to access medical data? When and for what?” he points out. Encrypting the information, controlling access with the person's identification, preventing its exposure and storing the information in a dissociated manner would be technological measures that would mitigate the impact in the case of theft. Javier Martí, head of Cybersecurity at Secure&IT, emphasizes: “Cybersecurity in the health sector is a challenge that we cannot ignore. Strong measures need to be taken to protect patient information and ensure trust in the health system.” Because if we continue to give in to blackmail, we contribute to making cybercrime profitable and we will not be able to put an end to it.