Healthcare Cyber Security Solutions
ACID Technologies helps healthcare providers protect themselves by detecting the first signs of an impending cyberattack – as early as in its planning stage – and providing real-time, detailed alerts that enable the targeted providers to implement effective preventive measures.
The incidence of cyberattacks on healthcare organizations is consistently on the rise across the world. In some regions, the YoY increase is higher than 50%. It has been found that once attacked, a healthcare organization is at higher risk of being attacked again. The average cost of a cyberattack in the healthcare sector is also rising, and has reached $10.1 million.
ACID Technologies provides a cost-effective solution to help healthcare organizations protect themselves from cyberattacks. Through 24/7/365 monitoring of the dark web and a multitude of other sources, it detects attacks as early as in their planning stage, and provides the targeted organization with a real-time alert, continuing to add valuable information as it becomes available. The intended victim can thus respond and implement countermeasures to mitigate the harmful effects of the attack, or even foil it altogether. It can thus potentially avoid disruption to its operation, heavy regulatory fines, and loss of reputation.
Cybersecurity for the healthcare sector is critical
The healthcare sector is a prime target for cybercriminals and cyberterrorists due to the huge amount of sensitive PII (personally identifiable information) that this sector holds – cybercriminals can make up to US$ 1,000 per medical record sold on the dark web (Forbes, 2020) – as well as the critical need for constant availability of updated patient data in order to provide medical care.
The use of web-connected devices increases healthcare institutions’ vulnerability. In the specific case of this sector, cyberattacks can place lives at risk, in addition to severely disrupting routine operation and exposing patients’ most sensitive personal information. Moreover, while passwords can be changed and credit cards can be reset, health data remains valid forever, and can be used for identity theft, insurance and health care fraud and other criminal activities.
Healthcare systems are vulnerable also because not enough resources are placed at their disposal to detect and address cyberthreats. Only 5% of hospital IT budgets is allocated to cybersecurity, as reported by Becker’s Health IT. Only 22% of IT managers in the healthcare sector feel that they are given adequate funds to secure their systems, as revealed by Black Box Research and reported by Newswire. The same source also states that 86% of IT professionals in this sector believe that data attackers are outpacing their medical enterprises.
A Check Point Software Mid-Year Report released in 2022 revealed a 69% increase in cyber-attacks targeting the health care sector as compared to 2021. Cybersecurity Magazine claimed in 2020 that the health industry suffered two to three times as many cyberattacks as the financial sector. Forbes added that in the USA alone, attacks on healthcare facilities in 2020 affected 17.3 million people, and resulted in 436 data breaches.
Cybercrime Magazine reported in 2020 that the global healthcare cybersecurity market is set to grow by 15% annually through 2025, reaching US$125 billion.
It is important to note that cybercriminals do not hesitate to exploit crises to their advantage. As early as in April 2020, the World Health Organization reported a five-fold increase in cyberattacks since the start of the Covid-19 pandemic. A case in point is an attack that took place in March 2020, at the height of the Covid-19 pandemic, which targeted the Brno University Hospital in the Czech Republic – home to one of the country’s largest COVID-19 testing laboratories (ZDNet).
Rick Pollack, President and CEO of the American Hospital Association, wrote in an article published in October 2022: “The health care field continues to be a top target for cybercriminals. According to data from the Department of Health and Human Services (HHS), there has been an 84% increase in the number of data breaches against health care organizations from 2018-2021… In some cases, cybercriminals steal Social Security numbers and other personal data. Other breaches pose a direct threat to patient safety by shutting down or compromising medical equipment and systems that are critical to patient care.”
Fortified Health Security’s mid-year report for the first half of 2022 stated that the healthcare sector suffered 337 breaches in this six-month period alone, in which more than 19 million records were affected. HIPAA Journal revealed in November 2022 that the previous month was the worst month of the year to date for healthcare data breaches, with 71 breaches reported and more than 6 million records breached.
Insider threats result in data breaches that can be extremely harmful to the healthcare organization, its patients and staff, even if they result from negligence and are unintentional – according to Ponemon’s 2020 Insider Threats Report, 61% of data breaches involving an insider can be classified as such.
Failure to implement the necessary measures to keep data safe can also cost healthcare organizations heavy penalties for noncompliance with HIPAA and GDPR requirements, in addition to the possible expense of replacing and/or upgrading their IT systems.
What are the Benefits of Healthcare Cybersecurity Solutions?
Cybersecurity solutions protect data
Cybersecurity for healthcare providers allows you to safeguard data and prevent malicious parties from accessing it, ensuring that only authorized individuals can do so. It also helps identify security gaps and systems requiring enhanced protection. Safeguarding medical data first and foremost enables healthcare organizations to operate smoothly and best serve their patients, while preserving their reputation and avoiding financial loss.
Safeguard your organization 365 days a year
Cyberattacks can occur at any moment, as cybercriminals are active 24/7/365. Adopting robust healthcare cybersecurity solutions protects your organization’s data and systems year-round, including after work hours and on weekends and holidays: 365 days a year of medical cybersecurity with comprehensive data and systems protection.
Secure telemedicine
Medical cybersecurity helps your organization detect threats targeting your system or network from remote devices or systems. Many healthcare organizations work with individuals using IoT devices, through which a hacker can potentially access the central or host server.
Protection for your executives, staff, and patients
To supplement technological cybersecurity solutions, healthcare organizations would be well-advised to provide their employees with cybersecurity awareness training also covering common cyber threats, such as ransomware, DoS attacks, and phishing.
Regulatory compliance
Dedicated cybersecurity solutions reduce risks associated with data storage on the cloud, third-party providers, and remote devices, to ensure compliance with HIPAA and GDPR requirements.
The main threats that cybersecurity for the healthcare sector must effectively address
Cybercriminals launch a diverse range of attacks against the healthcare sector. The main ones are described below:
Ransomware
As hospitals, health insurers and other healthcare organizations hold an immense amount of protected health information (PHI), payment information and other sensitive data, they are a particularly attractive target for ransomware attacks. Indeed, according to Black Book research, 73% of IT managers in the healthcare sector stated that their organization had suffered a ransomware attack. In such attacks, the cybercriminals gain access to the data, encrypt them and make them inaccessible to the medical staff. They can also gain access to medical devices and render them inoperable, severely disrupting, or even stopping, the provision of services altogether. The data remains inaccessible until the ransom payment is transferred, often within a tight deadline. A relatively new and concerning phenomenon is RaaS – Ransomware as a Service – which is defined by Kaspersky as a business model whereby malware developers lease out ransomware and its control infrastructure to other cybercriminals; this means that the criminals no longer need to be experts to launch attacks.
It is not only the amount and nature of the data stored in healthcare institutions’ systems that draw cyber attackers to them; it is also the fact that these data breaches can result in harm to patients, and even loss of human life. Cybercriminals recognize that this could encourage the targeted organizations to quickly pay, despite the FBI’s strict directive not to do so. However, even when the ransom is paid, in many cases the cybercriminals fail to release the data (some or all), which means that the ransom payment itself is added to all other costs that the organization must bear in order to resume normal operation.
Cyber attacks on healthcare devices using unmanned aerial vehicles
This new, perhaps unexpected, threat was the topic of an article published in The Journal of Medical Systems in December 2019. Authors Sethuraman et al. state that the growing use of wireless technology in healthcare systems and devices makes them particularly vulnerable to cyber-based attacks, including denial of service and information theft via sniffing (eavesdropping) and phishing attacks. They add that evolving technology enables wireless healthcare systems to communicate over longer ranges, which exposes them to additional potential threats. Unmanned aerial vehicles (UAV) or drones present a new and evolving attack surface for compromising wireless healthcare systems. They specifically mention two new types of cyber threats: a steppingstone attack and a cloud-enabled attack. In a test conducted, the UAV successfully attacked a simulated smart hospital environment and also a small collection of wearable healthcare sensors.
SQL injection
In a Structured Query Language (SQL) injection attack, a piece of SQL code is used to manipulate a database, with the aim of gaining access to data and then modifying, transferring or deleting it. As most web applications and websites use SQL-based databases, this type of attack is particularly prevalent.
Phishing
A 2021 Healthcare Information and Management Systems Society report stated that 71% of healthcare breaches originate in phishing attacks. These are most often launched via email, with messages increasingly appearing genuine to the common user. Once the link is clicked, the cybercriminal can easily gain access to sensitive and confidential information. One such phishing email was designed as a letter sent by the World Health Organization during the Covid-19 pandemic, with an attachment titled “My Health E-book.” One reason that phishing attacks via email are so successful is because cybercriminals invest efforts to make them, and the sites they direct to, very convincing, in view of the potential financial reward they can gain.
DDoS
In Distributed Denial of Service (DDoS) attacks, the cybercriminals aim to overwhelm a network by sending more requests to the website than it can handle. Exceeding its capacity prevents the website from functioning properly, or at all. Although DDoS attacks do not involve data exfiltration, the disturbance they cause is harmful to healthcare organizations, and cybercriminals have been known to demand ransom in exchange for terminating the attack.
Insider threats
While healthcare organizations tend to direct their attention outward when taking action to protect themselves from cyberattacks and prevent data theft, insider threats, which they often overlook, present a real threat as well. Verizon reported in 2020 that 48% of data breaches in healthcare facilities are committed by internal actors. With respect to HIPAA violations, insider threats can be classified into two main categories: negligent and/or insufficiently trained employees, and employees bearing a grudge against the organization and intending to cause harm. An analysis of past events shows, as reported in the 2020 Insider Threats Report released by Ponemon Institute, that in 61% of data breaches attributed to insiders, negligent employees are the culprit despite having no ill will. That said, insiders with malicious intent can be highly dangerous to the healthcare organization when they have already been granted some access to networks and systems, or are familiar with system configurations and vulnerabilities.
Medjack
This is the abbreviated term for medical device hijack, in which the cybercriminals direct their attention and efforts at medical devices which are integrated with applications. If the integrations are not secure, they can be exploited to steal data until the breach is detected.
Recent cyberattacks that demonstrate the importance of effective cybersecurity for the healthcare sector
- Hospital websites: The websites of hospitals across the USA were targeted in February 2023, resulting in disruptions. The pro-Russian hacktivist group KillNet, which had previously targeted healthcare organizations of countries supporting Ukraine, claimed credit.
- Sharp Healthcare: In February 2023, the largest healthcare provider in San Diego sustained an attack in which the social security numbers, health records and health insurance data of close to 63,000 patients were compromised.
- NextGen Healthcare: In January 2023, the electronic medical records company was the target of an apparent ransomware attack. The suspected attackers were the Russian group BlackCat. NextGen Healthcare reported that it had immediately contained the threat, secured its network, and returned to normal operations. Furthermore, it claimed that it had not uncovered any evidence of access to or exfiltration of client or patient data.
- André Mignot Hospital: A ransomware attack perpetrated in December 2022 against the hospital, located in a suburb of Paris, affected its computer and phone systems. As a result, the hospital was forced to partially cancel operations, transfer some patients from its ICU and neonatal units to other healthcare centers, and to only accept consultations and walk-in patients.
- Medibank: In October 2022, Medibank, one of Australia’s largest private health insurers, detected unusual activity in its network, and confirmed it had been targeted in a ransomware attack. The stolen information included names, addresses, telephone numbers and claims data of about half a million customers. The attack, which was blamed on Russian cybercriminals, affected 9.7 million customers, both present and past, including 1.8 million international ones. CNN reported that the hackers initially demanded US$ 10 million, and later reduced the sum to US$ 1 for each customer, or a total of US$ 9.7 million, which Medibank refused to pay. Several weeks after the suspicious activity was first detected, the stolen information began appearing on the dark web, classified into categories, including, among others, abortions and “boozy”, which included persons who had sought help for alcohol dependency.
- Advocate Aurora Health: HIPAA Journal reported a data breach that occurred in October 2022, due to the use of Meta Pixel code on the website and patient portal of Advocate Aurora Health, a non-profit health care system which operates 26 hospitals and more than 500 sites of care. The breach resulted in the impermissible disclosure of the PHI of up to 3 million patients to Meta/Facebook.
- CommonSpirit: In late 2022, CommonSpirit, the second largest non-profit hospital chain in the USA, was targeted in a ransomware attack, forcing it to cancel appointments for medical procedures and take some of its computer systems offline. Cyber Talk provided an example of the effect of this attack, in which a child brought to Des Moines Medical Center was mistakenly given five times the prescribed dose of pain medication as a result of the system being offline. This was but one example of the effect of the cyberattack on patients, in a system of 140 hospitals and more than 1,000 care sites in 21 states.
- Goodman Campbell: In May 2022, Goodman Campbell Brain and Spine, with 7 locations in the state of Indiana, USA, suffered a data breach. It revealed that the personal health information (PHI) of nearly 363,000 of its patients was posted on the dark web, where it remained accessible for 10 days.
- Aveanna Healthcare: In November 2022, Aveanna Healthcare, which provides home healthcare in 33 US states, agreed to pay US$ 425,000 to settle a lawsuit filed in connection with phishing attacks that were perpetrated in 2019. According to the Massachusetts Attorney General, Aveanna Healthcare failed to keep its data secure, and as a result, the protected health information (PHI) of more than 4,000 patients was compromised, including diagnoses, treatment records and medications prescribed, as well as financial account numbers, driver’s license numbers and social security numbers.
ACID’s cost-effective cybersecurity for the healthcare sector
In its annual Cost of Data Breach Report covering the period March 2021 to March 2022, IBM reported that the average cost of a data breach for a healthcare organization is more than US$ 10 million – a 9.4% increase from the corresponding period the previous year. The healthcare sector has suffered the highest breach-related damages for the last 12 years.
ACID offers an exceptionally cost-effective solution that helps healthcare organizations protect themselves from cyberattacks, keep the sensitive data stored in their databases safe, their services and medical devices running smoothly, their patients safe from the effects of compromised data and unlawful access to systems, and potentially avoid serious financial and reputational harm.
ACID deploys clusters of bots and implements advanced AI algorithms in order to detect the first signs of an attack in the clear, deep and dark web, as well as in multiple other sources, as early as in its initial planning phase. Once such signs are detected, ACID alerts the targeted organization in real time, providing all the available information – including screenshots of threats detected on the dark web, which clients may be reluctant or incapable of accessing themselves. ACID continues to monitor the sources, using client-specific keywords in several languages, and provides updates with any additional data as it becomes available. While ACID regularly scans a very large number of sources, if the client wishes to add additional ones that are particularly relevant for it, this possibility is offered as well.
Additionally, ACID conducts widespread monitoring activities to detect any stolen data that may be offered for sale, indicating that the organization has already been breached, to enable it to take appropriate action.
ACID detects cybercriminals’ plans to attack healthcare organizations, most often to steal confidential PII data and hold them for ransom. By providing advance warning of impending attacks, we allow the targeted institutions to take appropriate action in order to continue their important, lifesaving work uninterruptedly or mitigate disruption. The detection of indications that a breach has already taken place enables the targeted organization to plug the breach and mitigate the harm.
ACID helps healthcare organizations avoid the theft of patients’ PII and the associated regulatory fines, ransom payments, and often, the heavy recovery costs required to resume normal operation and improve IT system protection, and also to avoid costly class-action lawsuits.
ACID Intelligence and DIP enhance the cybersecurity posture of healthcare organizations. By unleashing clusters of robots and implementing advanced AI tools, using client-specific keywords in the relevant language/s, any hint of a planned attack appearing on the dark web and on a multitude of other sources is immediately detected, and a real-time alert sent to the targeted organization, with all available information. With this precise information, the intended victim can respond to the threat and take action to reduce it, mitigate its potentially disastrous consequences, and possibly foil the attack altogether. Monitoring continues and updated information is provided as soon as it becomes available to enable finetuning the response.
With ACID’s solutions, healthcare institutions can significantly reduce their risk of service disruption and continue their important lifesaving work, and also potentially avoid heavy regulatory fines and class-action lawsuits.
Is the healthcare sector a preferred target for cybercrime?
The healthcare sector is a prime target for cybercriminals and cyberterrorists, due to the huge amount of sensitive PII (personally identifiable information) that it stores, and the critical need for constant availability of updated patient data in order to provide uninterrupted medical care. Unavailable medical records and service disruptions not only directly impact a healthcare organization’s ability to fulfill its mission, but can also place lives at risk. Moreover, while passwords can be changed, and credit cards can be reset, health data remains valid forever, and can be used for identity theft, insurance and health care fraud, and other malicious activities.
Aware of the vulnerability of this sector on the one hand, and of the potential for financial gain from attacks directed at it on the other hand, cybercriminals regard the healthcare sector as a particularly attractive target. This sector is so lucrative to them due to the potential profit from the sale of stolen sensitive data on the dark web, as well as from ransom more likely to be paid by healthcare organizations than those operating in other sectors, in order to retrieve their records and resume operation, to avoid paying fines due to regulatory violations, and protect their reputation.
In its report covering the period January to September 2024, Check Point Research revealed that the global weekly average number of attacks per organization in the healthcare industry reached 2,018, reflecting an increase of 32% as compared to the same period in 2023.
However, the largest increase, of 56%, was recorded in Europe, although the weekly number of attacks was lower: 1,686.
The APAC region was responsible for an almost equally high rate of increase – 54%, but incurred the highest number of weekly attacks per organization, averaging 4,556.
Check Point’s research for Latin America shows a 34% increase, with a weekly average of 2,703 attacks per organization.
The rate of increase in North America stood at 20%, with 1,607 weekly attacks.
Why is the healthcare sector so vulnerable to cyber attacks?
The vulnerability of the healthcare sector to cyber attacks results from a variety of causes:
Digitalization: Increased digitalization of healthcare systems is identified by Check Point Research as a major contributor, driven by expanding access to digital health records and telemedicine. Needless to say, to provide timely and accurate medical treatment, sensitive patient data must be readily accessible to healthcare professionals.
Internet of Medical Things (IoMT), networked devices: The growing reliance on IoMT and the use of interconnected devices in healthcare organizations significantly increases their vulnerability, as the result of any single attack on one device can be broader and more damaging. The security of IoMT systems is often poor; this helps cyber attackers exploit weak points in order to access and steal sensitive data.
Regulatory requirements: In some countries, these requirements are insufficient. Even healthcare organizations fully complying with them leave themselves exposed to cyber attacks.
Insufficient resources: Many organizations in the healthcare sector, particularly smaller hospitals, lack the funds necessary to invest in effective measures in order to reduce their risks of incurring cyber attacks, the average cost of which is now $10.1 million (Check Point Research report, Q2 2024). Most of their budget is dedicated to patient care, and due to their finite resources, investments in cybersecurity often take a back seat. This, despite the risk of being faced with ransom demands in the millions of dollars, which exceed the cost of such measures by far. Furthermore, as cybercriminals continuously upgrade their methods of attack, the solutions must as a minimum keep up with them; this requires the investment of even more resources.
Are ransomware attacks common in the healthcare sector?
Ransomware attacks pose great danger to organizations operating in the healthcare sector, as demonstrated by their disastrous effects on hospitals worldwide. According to the FBI, healthcare and public health organizations were at the receiving end of the largest number of ransomware attacks in 2023. Check Point Research reveals that their number has increased by 264% in the last five years.
When cybercriminals encrypt the data in hospital systems and prevent medical teams from accessing it, they also prevent them from fulfilling their mission to provide the needed medical care, even to the extent of placing patients’ lives at risk. Without access to patient data, medical professionals have been forced to treat patients without the benefit of updated data, such as recent test and imaging results, and to revert to handwritten records. This not only slows down their work, but also reduces the quality of care they provide.
Ransomware as a service (RaaS), with cybercriminal groups specializing in ransomware attacks providing tools to others who lack the necessary skills to act on their own, increases the challenge of dealing with these increasingly more sophisticated attacks.
The above-mentioned Check Point Research report addresses a particular ransomware group, RansomHub, which promised in an advertisement on the dark net that only 10% of the ransom received would go to the group providing the sophisticated tools, while the partners would keep 90%. This marketing approach highlights the fact that cybercrime operates like any other tech business. The report provides an example of a hacker advertising on an underground forum in the Russian language, who with his group asked for a commission of 20% on successful ransomware attacks. It adds: “This is an illustration of how RaaS cybercriminals recruit their partners and what the standard revenue distribution is. The interesting thing is that some forums have an arbitration and dispute resolution mechanism in cases where both parties disagree on payment or services delivered. This is essential as all communicating parties are criminals who communicate in an anonymous environment.”
The Check Point Research report also points to another aspect: “The problem is even bigger because many cybercriminals are working together. Some offer access to organizations they have previously breached, and others offer to rent their infrastructure for a fee. The dark net is full of advertisements offering ransomware-as-a-service (RaaS) so that even amateur cyber criminals who would otherwise not have the technical knowledge and experience for similarly serious attacks can threaten hospitals and other healthcare institutions.” Furthermore, the report states: “we’re seeing that if one attack occurs, another can follow relatively soon. Cybercriminals are counting on the fact that perhaps there will be a failure to recover properly, that there is still some chaos, or that there will be an underestimation because hospitals won’t expect to be targeted repeatedly.”
The heavy fines that the authorities can impose on hospitals found in breach of privacy regulations also play a role in their decision on whether to pay the ransom.
What are some examples of recent significant ransomware attacks?
Recent ransomware attacks in various countries around the world include:
- An attack in February 2024 targeting Change Healthcare cost the company an initial sum of $872 million. For a period of several weeks, healthcare staff in hospitals, pharmacies and other healthcare facilities throughout the USA were unable to receive payment for patients. CBS News referred to this attack as “the biggest ever cybersecurity attack on the American healthcare system.” The CEO of UnitedHealth Group admitted that perhaps a third of all Americans were impacted in this attack. The Russian cybercriminal group using the names Blackcat and Alphv took responsibility for the cyberattack, and later, a different group, RansomHub, posted the data that it claimed had been stolen, which Change Healthcare said may have included “diagnoses, medicines, test results, images, care and treatment.” The company’s President and Chief Financial Officer John Rex said: “Of the $870 million, about $595 million were direct costs due to the clearinghouse platform restoration and other response efforts, including medical expenses directly relating to the temporary suspension of some care management activities.” The company later admitted to paying an additional $22 million ransom, adding that it expected the total cost of this cyberattack to amount to $2.3 billion or more.
- The May 2024 ransomware attack on Ascension, an American nonprofit network that includes 140 hospitals in 19 states, has affected a large number of its hospitals. It has forced it to take critical IT systems offline and record patient information on paper, divert ambulances and close pharmacies. It took Ascension approximately six weeks to restore access to its electronic medical record system and resume routine operation.
- In Australia, the personal details of almost 13 million people – approximately half of the country’s population – were stolen in a ransomware attack in April 2024 targeting MediSecure, a prescription provider.
- In September 2024, in a ransomware attack affecting London hospitals, the data of nearly one million NHS patients were leaked online in an extortion attempt. The sensitive data included personal information as well as information of a sensitive nature, including, for example, on sexually transmitted infections and cancer.
- The critical software systems of OneBlood, a blood center serving hundreds of hospitals in the USA, were targeted in a ransomware attack in August 2024, which was attributed to Russian cybercriminals. One week after the attack was launched, the systems were still in the process of being restored.
What other types of cyber attacks are common in the healthcare industry?
Two other types of cyber attacks are often chosen by cybercriminals:
- Distributed Denial of Service (DDoS): DDoS attacks, in which the perpetrators overwhelm systems with traffic that is beyond their handling capacity, are used more and more, at times combined with ransomware or theft of data.
- Phishing: Using stolen credentials or malware to gain entry into organizations’ systems is also a common type of attack in the healthcare industry. Due to the large number of users involved, cybercriminals find that it is relatively easy to trick some of them into sharing their credentials. This type of attack is also less costly to the criminals than attempting to penetrate the organizations’ cybersecurity measures.
What challenges do the healthcare organizations face when trying to enhance the level of their cybersecurity?
In their efforts to enhance the level of their cybersecurity, healthcare organizations face multiple challenges:
- Outdated legacy systems: Many healthcare organizations rely on legacy systems that have become outdated and increase their vulnerability to cyber attacks, as well as to legal risks and crashes. In terms of cybersecurity risks, they often contain unpatched vulnerabilities, which cybercriminals can easily exploit to carry out attacks. These organizations would be well advised to consider that the potential cost of breaches exceeds the cost of updating the systems and proceed to do so – the sooner the better.
- Multiple point products: Check Point, citing a survey conducted with Vanson Bourne, mentions poor visibility and gaps between the protections delivered by each product. As multiple vendors are involved, organizations must also deal with the complexity and the higher cost of managing relationships with them. While 87% of the respondents in this survey recognized the importance of consolidation, 54% reported that their organizations use more than 10 point-products. Consequently, it is more difficult for these organizations to detect potential attacks and implement measures to thwart them before being faced with the outcome of having their sensitive data stolen or rendered inaccessible in a ransomware attack.
- The impact of disconnected security architecture on cost: As the security architecture of many healthcare organizations is disconnected and inefficient, they often find themselves paying for overlapping, redundant security solutions, instead of investing the same amount of money in more advanced and effective ones.
What are some more of the recent significant cyber attacks that targeted healthcare organizations?
- In February 2024, Cencora, a pharmaceutical solutions company which is #10 on the Fortune 500 list, suffered a cyber attack that exposed patients’ personally identifiable information (PII) and protected health information. Due to interconnectedness in the pharmaceutical industry, this single attack impacted almost a dozen partnering pharma firms, including, among others, Bayer, Novartis, Regeneron, AbbVie, GlaxoSmithKline, Incyte, Genentech, Sumitomo Pharma America, Acadia, Endo, and Dendreon.
- In August 2024, the IT systems of McLaren Health Care, a $6.6 billion system in Michigan, USA, which includes 13 hospitals, HMOs, surgery and imaging centers, were breached in a cyber attack. As a result, 2.2 million patients’ sensitive personal and health information was compromised, including names, dates of birth, social security numbers and extensive medical information, such as billing, claims, diagnoses, prescription details, and Medicare and Medicaid information. The breach was detected only a month later. The Alphv ransomware group claimed responsibility. As a result of the attack, McLaren Health Care faces at least three class-action lawsuits.
- In June 2024, major London hospitals declared a “critical incident” following a ransomware attack on Synnovis, a private company which provides them with blood test analyses services. The operation of seven NHS hospitals was severely disrupted, forcing them to cancel more than 800 operations and reschedule 700 outpatient appointments. Because of the attack, the hospitals also issued an urgent call for blood transfusions.
- In May 2023, PharMerica, a pharmacy services provider with thousands of facilities, discovered a data breach involving nearly six million patients due to suspicious activity on its network and unauthorized third party access. The patient details that were leaked included names, birth dates and social security numbers, and also medication, health information and insurance details. The ransomware attack group Money Message posted the stolen data on the dark web, claiming to have obtained 4.7 terabytes of data from PharMerica and its parent company.
- In April 2024, in a cyber attack targeting Kaiser Permanente, the personal information of as many as 13.4 million Americans may have been sent to various external bodies, among them X, Google and Bing. This may have occurred when members and patients accessed their mobile applications or websites.