Earlier this year, the NHS in the UK became a victim of cyber crime, when computers at hospitals and GP surgeries around the country were among tens of thousands hit in almost 100 countries by malware that appeared to be using technology stolen from the National Security Agency in the US. The attack blocked access to any files on a PC until the demanded ransom was paid. This resulted in many hospitals having to cancel or delay treatment for patients.
In fact, TrapX Labs, a division of TrapX Security, reported a 63% increase in cyber attacks on the healthcare industry for the period between January 1, 2016 and December 12.
There are several key reasons that make hospitals and healthcare premises a target for criminal cyber attacks. These include:
- Longer shelf life of personal records - this covers personal details, medical records, insurance details etc., making these types of locations particularly attractive for identity theft
- When the above point is coupled with the fact that a medical record is worth 10 times more than a credit card number, the attractiveness increases
- Loss of IT systems in a hospital is a matter of life and death - this makes hospitals susceptible to blackmail. It's one thing to close a business for one day; it's entirely different to force a hospital shutdown.
- Compromising healthcare IT is often easier than in other sectors due to underinvestment in cyber protection and staff training
- Introduction of remote access systems and tools, such as telemedicine, remote patient monitoring etc.
As an industry, healthcare typically focuses on two core aspects: cyber protection and patient safety. The latter is the priority, largely because this is where most of the regulation sits, meaning technology vendors are obligated to ensure patient safety but are not necessarily encouraged to implement or update cyber security features.
It is critical that the healthcare sector prioritises cyber protection and the safety of personal stored data, ensuring devices, systems and data are as secure as they can be. Many hospitals are already examining various ways to mitigate the risk of a cyber attack. One method is to store personal patient information off-site in real time and create backup systems, so that if a system is locked down or subject to ransomware, the hospital can immediately switch to another backup system.
Hospitals and healthcare facilities should also share information about attacks and other incidents, so that if one is hacked, other institutions know how to prevent it. We are all working towards the same goal: safer and more resilient facilities for our patients and staff.