Cyber ​​resilience and data privacy are emerging components of healthcare

April 7 is World Health Day and also marks the founding of the United Nations World Health Organization (WHO) in 1948. The purpose of WHO and World Health Day is to draw attention to health and wellness issues around the world. To do this, sustainable medical initiatives aimed at expanding care options and finding efficiencies in healthcare will require even closer interconnectivity between healthcare and cyberspace. Current trends such as the reliance on telehealth, user-driven medical, nutritional and fitness data, and fully digital patient records will make healthcare data more accessible and faster than ever. The tradeoff of these advances is an increased cyberattack surface.

Access to privacy, resReliability of healthcare services is paramount, and cybersecurity will be essential to meet the demand for threat protection while maintaining near-full data availability. Unfortunately, the data suggests that healthcare organizations are prime targets for potential cyber attackers, and the costs of successful attacks are rising. A study by the European Union Agency for Cybersecurity (ENISA) examined cyber threats from April 2020 to July 2021 and found that the “medical and healthcare sector” was the fourth most targeted sector among twenty respondents (the only groups most frequently targeted were the public sector/government, digital service providers and general public). And according to IBM’s 2021 Cost of a Data Breach report, the healthcare industry over the past 11 years has had the dubious distinction of incurring the highest data breach costs; the average cost of a data breach for a healthcare organization increased by 29%, from $7.13 million in 2020 to $9.23 million in 2021. Although not exhaustive, the he infographic below gives an idea of ​​the extent – ​​both geographic and organizational – of healthcare-related cyber threats. been in the last year or more.

Ensuring the digital security of the networks, data, staff and patients that make up healthcare networks will be more critical than ever in the years to come. Cyber ​​resilience (the ability to anticipate, resist, recover and adapt to adverse conditions, stresses, attacks or compromises on systems that use or are enabled by cyber resources) will be increasingly moreover a factor that will determine whether or not patients receive timely care, and in healthcare confidentiality, the data will be protected. On this World Health Day, it is clearer than ever that protecting medical networks and the data they contain is a necessary part of ensuring quality healthcare.

This map shows a sample of the many health-related cyber incidents that have occurred from the end of 2020 to the present.

  • Belgium, December 2020: The largest private laboratory dealing with Covid-19 tests in Belgium is the victim of a ransomware attack.
  • Ireland, May 2021: The Irish Health Service Executive (HSE) suffered a massive attack which brought services to a standstill.
  • Alaska, USA, May 2021: The Alaska Department of Health is breached by attackers, forcing the department to take systems offline for weeks during recovery efforts.
  • Italy, August 2021: The online covid-19 vaccine registration portal for the Lazio region of Italy is attacked by criminals.
  • New Zealand, May 2021: In what has been described as ‘probably the biggest cyberattack in New Zealand’s history’, Waikato District Health Board networks were taken offline for weeks as staff turned to paper and pen to manage patient case data.
  • Ohio, USA, May 2021: Between May and July, hackers committed a data breach against a DNA testing company that compromised the personal data of over two million people.
  • Georgia, USA, June 2021: St. Joseph’s/Chandler hospital system suffers a ransomware attack in which the medical information of 1.4 million patients was potentially compromised. The attackers gained access to hospital networks six months before the ransomware demand.
  • Ohio, USA, August 2021: Memorial Health System has admitted to reaching a ‘negotiated settlement’ after an attack that forced the hospital to turn away patients and compromised the health data of more than 200,000 people .
  • Australia, October 2021: Macquarie Health, a system that runs 12 hospitals in eastern Australia, suffered a cyberattack. Although the attack apparently did not disrupt healthcare services, several thousand confidential documents were posted on the Dark Web shortly after the attack.
  • Brazil, December 2021: The newly observed threat group Lapsus$ claims an attack on the Brazilian Ministry of Health, forcing the ministry’s websites offline and resulting in the exfiltration of covid tracking data. This attack was followed by another attack less than a week later.
  • Scotland, March 2022: A mental health charity was targeted by RansomEXX, who demanded a ransom. The charity refused to pay a ransom and some of its data leaked online.

About EclecticIQ Threat Research

EclecticIQ is a global provider of threat intelligence, hunting and response technologies and services. Based in Amsterdam, the EclecticIQ Threat Research team is made up of experts from Europe and the United States with decades of experience in cybersecurity and intelligence in industry and government.

We would like to hear from you. Please send us your comments by writing to us at [email protected].

The references

  1. https://www.enisa.europa.eu
  2. https://www.ibm.com/downloads/cas/OJDVQGRY
  3. https://csrc.nist.gov/glossary/term/cyber_resiliency
  4. https://www.brusselstimes.com/news/belgium-all-news/147433/antwerp-laboratory-becomes-latest-victim-of-cyber-attack
  5. https://www.politico.eu/article/ireland-cyberattack-hospitals-report-weak-defenses/
  6. https://www.cnn.com/2021/09/20/politics/alaska-health-cyberattack/index.html
  7. https://www.cyberscoop.com/italy-lazio-covid-19-vaccine-registration-system/
  8. https://www.theguardian.com/world/2021/may/24/new-zealand-hospital-cyber-attack-waikato-disruption
  9. https://www.bleepingcomputer.com/news/security/dna-testing-firm-discloses-data-breach-affecting-21-million-people/
  10. https://www.hipaajournal.com/1-4-million-individuals-st-josephs-candler-ransomware-attack/
  11. https://www.hipaajournal.com/memorial-health-system-confirms-216k-patients-affected-by-august-2021-ransomware-attack/
  12. https://www.healthcareitnews.com/news/anz/private-hospital-group-macquarie-health-takes-system-offline-following-cyber-incident
  13. https://www.cpomagazine.com/cyber-security/health-ministry-of-brazil-hit-by-two-ransomware-attacks-in-one-week-vaccination-data-stolen-taken-offline/
  14. https://www.bitdefender.com/blog/hotforsecurity/scottish-mental-health-charity-devastated-by-heartless-ransomexx-ransomware-attack/

*** This is a syndicated blog from the EclecticIQ Blog Security Bloggers Network written by the EclecticIQ Threat Research Team. Read the original post at: https://blog.eclecticiq.com/cyber-resilience-and-data-confidentiality-are-emerging-components-of-healthcare


Source link

Comments are closed.