Test Altospam’s solutions!
Thousands of companies, CTOs, CIOs, CISOs and IT managers already trust us to protect their e-mail against phishing, spear phishing, ransomware, …
Healthcare organizations rely on a vast network of connected devices to deliver essential services. The sheer volume and variety of parties involved in the production or circulation of healthcare data adds an extra layer of complexity when it comes to maintaining cybersecurity – from clinicians to technical experts to patients. While this is understandable given their lack of cybersecurity expertise, security considerations demand that healthcare institutes remain vigilant to potential attacks that could put patient information at risk.
With over 3,000 healthcare establishments in France, cybercriminals have a wide choice of potential targets. Between healthcare data thefts, ransomware demands and an increase in cyberattacks, 2022 has been an eventful year for the healthcare sector. Let’s take a look at cyber attacks and their impact on healthcare establishments.
Medical records are proving to be a valuable commodity on the digital black market – selling for 2.5 times more than other documents at an average of 350 euros each. Cybercriminals see them as goldmines, filled with sensitive personal information, including biometric data and bank details – making them incredibly attractive targets.
Healthcare organizations have long been subject to relentless cyber attacks, as medical data remains a particularly attractive target for malicious actors. For years now, these companies and institutions have had to stay one step ahead of the latest threats in order to preserve the security of their sensitive information.
In 2020, hospitals enjoyed some respite from the COVID epidemic. But since 2021, cyberattacks have picked up again, reaching 733 compared with 392 in 2020.
To date, the number of computer attacks targeting hospitals and healthcare establishments in France in 2022 is still unknown. However, the French national authority for information systems security and defense (Anssi) says the trend is set to continue. This year, the frequency of serious incidents in French healthcare establishments is estimated at more than one per week.
The healthcare sector is plagued by a myriad of cybersecurity issues. These problems range from malware that compromises system integrity and patient confidentiality, to distributed denial of service (DDoS) attacks that disrupt facilities’ ability to deliver patient care.
1. Ransomware
As a rule, ransomware infects machines in one of three ways:
Ever-changing variants and tactics, techniques and procedures (TTPs) complicate the task of security experts. What’s more, platforms such as “ransomware as a service” (RaaS) make it easy for anyone with little or no technical skills to launch ransomware attacks.
2. Data breaches
Infringements are widely observed in the healthcare sector. These can be caused by many different types of incident, including malware stealing credentials, an insider deliberately or accidentally disclosing patient data, or the loss of laptops or other devices.
3. DDoS attacks
Distributed denial of service (DDoS) attacks are a popular tactic, technique and procedure used by cybercriminals to overwhelm a network to the point of rendering it inoperable. This can pose a serious problem for healthcare providers who need access to the network to provide appropriate patient care, or who need Internet access to send and receive e-mails, prescriptions, records and information.
In the past, cybercriminals didn’t dare attack hospitals.
Hospitals are frequent targets for hackers for a number of reasons. Firstly, hospitals often have less robust IT security systems than other businesses, making them more vulnerable to cyberattacks. Secondly, patients’ medical data is highly valuable and can be resold for fraudulent purposes. Finally, attacks on hospitals can have serious consequences for patients, which can give hackers a psychological advantage.
The consequences of a cyber-attack on a hospital can be severe and life-threatening. Some possible consequences include:
Even if healthcare establishments don’t pay the ransom demanded by cybercriminals, the costs are considerable. Between lost data, time spent processing medical records manually, and slowed patient management, medical staff have to devote an enormous amount of time to keeping the facility running.
In a hospital, many systems are connected. However, this equipment is often managed by obsolete computer systems such as Windows XP, and some systems even date back to 1998 or 2000. Nursing staff also need to be trained. Despite all the security systems installed, if a nurse clicks on a fraudulent e-mail, they become useless.
Clearly, the priority is to facilitate the modernization of hospital IT systems. The use of email filtering software is also a solution to combat cyber-attacks. Large healthcare establishments can also hire a specialist in cybercrime, which represents a certain cost that is difficult to envisage for a small hospital.
To combat this phenomenon, the French government has announced a 25 million euro cybersecurity budget for healthcare establishments for 2021 and 2022.
This security plan concerns 950 establishments, including 150 hospitals. The 20 million euros “will almost double the number of healthcare establishments benefiting from this security pathway, which will immunize them against this type of attack”, said Jean-Noël Barrot, Minister Delegate for the Digital Transition. The aid will enable “audits” to be carried out, followed by “technological and human support”.
Hospital? Clinical? Laboratory? Healthcare company? If you too would like to protect your mailbox, or find out more about Altospam’s email protection solution, request a test or contact us.
Test Altospam’s solutions!
Thousands of companies, CTOs, CIOs, CISOs and IT managers already trust us to protect their e-mail against phishing, spear phishing, ransomware, …