Cyberattacks targeting healthcare are putting patients at unnecessary risk and much more must be done to hold the cyber criminals involved to account, warns the CyberPeace Institute, a global body dedicated to protecting the vulnerable in cyberspace.
The healthcare industry has been under increased strain over the past year due to the impact from the COVID-19 pandemic, which has prompted some cyber criminals to conduct ransomware campaigns and other cyberattacks.
Confronted with a ransomware attack, a hospital might pay the cyber criminals the ransom they demand in exchange for the decryption key because it’s perceived to be the quickest and easiest method to restore the network – and, consequently, one of the most direct paths to restoring patient care.
Paying doesn’t stop the incident being traumatic for staff, who might suddenly find themselves unable to be involved in procedures, while patients may get sent to other hospitals for treatment – something that could prove risky if time is a factor. But even months on from the cyberattack, patient care can remain affected.
“There’s a real-time impact and also a long-lasting impact,” Stéphane Duguin, CEO of the CyberPeace Institute, told ZDNet.
“When hospitals and healthcare are hit by ransomware, what is the quality of care you can hope for in these entities like six months afterwards, or twelve months afterwards? It’s quite concerning since you have more chance to get proper care of less good quality; if you go into this hospital with a condition, the care might take longer than it did before the attack,” Duguin said.
For this reason, the CyberPeace Institute paper, entitled ‘Playing with Lives’, argues that cyberattacks on healthcare are attacks on society as a whole, potentially creating threats to human life – particularly if campaigns are targeting hospitals and healthcare organisations during a pandemic.
One of the key reasons cyber criminals target healthcare is that it’s often based around what the report describes as “fragile digital infrastructure”. Healthcare networks are complex due to the number of specialist devices linked to them. They’re also vulnerable due to the quantity of legacy infrastructure on the network, which might not be supported with security updates.
It was the continued use of legacy infrastructure across the network that left the UK’s National Health Service (NHS) so vulnerable to the WannaCry ransomware attack. Although a patch was available prior to the incident, the nature of healthcare meant it was hard to turn off sections of the network in order to apply the update.
The use of legacy infrastructure is associated with what the report describes as a “resource gap” in healthcare, which means that cybersecurity in the sector is under-financed, making it hard to allocate the resources required to fully protect hardware and software across the network.
Ultimately, cyber criminals are carrying out campaigns like ransomware attacks because they’re seeking easy money; extorting funds from hospitals whose networks have been compromised provides a means of gaining exactly that.
Unfortunately, ransomware gangs rarely face consequences for their actions, and Duguin argues that governments and law enforcement should put more resources into bringing cyber-criminal gangs to justice.
“Government should also play a role in decreasing the number of attacks simply by pursuing unlawful groups and making sure that it’s not a risk-free criminal offense for internet bad guys,” he said.