The Human Impact Of Ransomware In Healthcare

Uploaded on 2024-11-11 in FREE TO VIEW, BUSINESS-Services-Health & Welfare

Whilst the rapid digitalisation of the health sector is bringing new benefits to the availability and scope of medical services, there’s been a cybersecurity trade-off which is putting patient’s health and wellbeing at risk. 

Cyberattacks on the sector have reached epidemic proportions and created widespread disruption to services at a time when health providers are already under pressure to keep up with demand.  

In fact, we found that the healthcare sector suffered more ransomware attacks than any other industry for three consecutive months this year. And behind the headlines of major incidents that bring services at large hospitals to a standstill, there are countless more small clinics, practices and surgeries which must absorb the impact resulting in further backlogs, downtime and delays to the continuity of care that patients rely on. 

Data may be the primary target, but it’s certainly not the only casualty when attackers compromise vital digital systems. Since ruthless criminal gangs are willing to use patients’ privacy, safety and health as leverage for ransom demands, it is vital that the sector protects its greatest points of vulnerability to safeguard patients and staff. 

The Direct Impact On Patient Care & Wellbeing

For any sector dealing with the fall out of a cyberattack, the disruption to services can lead to major, long-lasting consequences which can last for weeks or even months. For the health sector there’s always an added level of jeopardy and severity as they’re dealing with adversaries who are willing to put financial profit before human lives. 
In the UK, the cyberattack on the pathology services provider Synnovis, resulted in the cancellation of over 3,000 NHS appointments, affecting critical services like blood transfusions and diagnostic tests. The BlackCat/ALPHV attack on Change Healthcare in the US in February, is estimated to have had a direct impact on patient care at 74% of hospitals, with many patients struggling to access care. 

It is perhaps inevitable that this operational ripple effect also contributes to significant stress and burnout among healthcare workers who are already operating in a high-pressure environment. 

The Erosion Of Trust In Healthcare Systems

The long-term consequences of ransomware extend far beyond operational disruption as cybercriminals increasingly use double extortion tactics to encrypt data while simultaneously exfiltrating it. Criminal gangs will use the threat of selling or leaking medical records to pile more pressure on their ransom demands; in the case of the Change Healthcare breach it was reported that a $22 million ransom was paid.    

There’s also the risk that sensitive data falling into criminal hands erodes public trust in healthcare systems, leaving patients fearful about the safety of their personal information. 

A new precedent was set in September when the Lehigh Valley Health Network came to a $65 million class-action lawsuit settlement in relation to a ransomware attack last year. It was a particularly malicious case, in which the perpetrators posted the nude medical record photos of patients online, with more than 135,000 patients affected in total.

The theft of any sensitive clinical data is huge breach of privacy and can cause further emotional distress to patients. When highly private medical records are in the hands of criminal gangs they can be used as a bargaining chip to target the individual directly for ransom demands, or to be exploited further for identity fraud and theft.   
It’s not only the patients that suffer once data is in the wrong hands. Healthcare staff are just as susceptible to bear the brunt of data breaches and there are numerous cases of financial information belonging to hospital personnel being stolen and leaked alongside patient data in large scale cyberattacks. 

Addressing The Causes Of Healthcare Cyberthreats 

There are several factors that make the healthcare sector more vulnerable to cyberattacks. An ageing IT infrastructure is one the biggest issues, as squeezed budgets and decades of under investment mean that many providers are relying on outdated systems. Legacy assets are more difficult to manage and leave gaps in security processes, but many organisations struggle to find the resources, or money they need to modernise.
For those unable to replace or revamp old systems, the priority should be on limiting attackers’ ability to access and move through the network. Adopting identity-based security measures such as multi-factor authentication (MFA), least privilege access, and Zero Trust frameworks are key here, ensuring only authorised users can access sensitive data. 

Mitigating The Impact

In addition to attempting to limit the root causes of breaches, healthcare organisations need to identify signs of attack and reduce the impact of breaches. 

Endpoint detection and response (EDR) tools play an important role by identifying suspicious activity early and alerting security teams. Additionally, continuous monitoring of third-party vendors is vital, as many attacks exploit weaknesses in external connections.

Next-generation firewalls further enhance security by enforcing identity-based policies, ensuring sensitive data is protected from unauthorised access.

Further, anti data exfiltration (ADX) solutions are important in safeguarding sensitive patient records, providing a critical layer of protection that stops exfiltration and lateral movement within the network, stopping both the activation and spread of ransomware.

Collective Efforts For Greater Security

These organisational-wide measure are vital, but there’s a growing acknowledgment from policy makers and legislators that combatting the growth of ransomware needs a collaborative approach. Healthcare organisations must recognise that they aren’t facing this threat alone and should actively seek to work alongside groups including regulators, law enforcement, and technology partners. 

A coordinated approach can help the sector to stay ahead of cybercriminals by ensuring that health providers have access to the latest threat intelligence and advice on enhancing security strategies. 

This is more important than ever, as there’s a very human impact at the heart of cyberattacks in this sector. Behind every story of private health records that have been stolen, medical images that are leaked, or appointments that are missed, is an individual patient whose right to privacy, wellbeing and care has been compromised. 

It’s a right that leaders and policy makers in the industry need to work hard to defend even as cybercriminals continue to launch ever more damaging attacks. 

Dr. Darren Williams is CEO and Founder of BlackFog    

Image: Alexander Grey

You Might Also Read: 

AI Has The Power To Transform Healthcare Cyber Security:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Cyber Security: The Fastest Growing IT Work In The UK
Strengthen Software Supply Chain & Governance For Better AI System Cybersecurity »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Acunetix

Acunetix

Acunetix is a leading web vulnerability scanner, widely acclaimed to include the most advanced SQL injection and XSS black box scanning technology.

Alert Logic

Alert Logic

Alert Logic delivers unrivaled security for any environment, delivering industry-leading managed detection and response (MDR) and web application firewall (WAF) solutions.

CERT-PY

CERT-PY

CERT-PY is the national Computer Emergency Response Team for Paraguay.

Intensity Analytics

Intensity Analytics

Intensity Analytics is a software firm that develops next-generation, physical user and entity behavioral authentication ("physical UEBA") security software technology.

Total Defense

Total Defense

Total Defense solutions include anti-malware, anti-virus, intrusion prevention & mobile security.

La Fosse Associates

La Fosse Associates

The InfoSec Recruitment team at La Fosse Associates specialises in placing Information Security & Risk professionals on a permanent and contract basis.

Tecnalia Research & Innovation

Tecnalia Research & Innovation

Tecnalia is the largest center of applied research and technological development in Spain, a benchmark in Europe and a member of the Basque Research and Technology Alliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZecOps

ZecOps

ZecOps is a cybersecurity automation company offering solutions for servers, endpoints, mobile devices, and custom devices.

Haven Group

Haven Group

Haven Group and its companies are a cyber security one-stop-shop for our clients offering a full range of cyber security services to our clients in a unified and united way.

Brace168

Brace168

Specialising in Cyber Security incident identification and response, Brace168 is uniquely positioned to provide a vast experience in managed security services to meet the needs of all business types.

Green Radar

Green Radar

Green Radar is a next generation cybersecurity company which combines technologies and services together to deliver Threat Detection for Emails and Deep Threat Analytics and Response.

Dimension Data

Dimension Data

Dimension Data is a leading African born technology provider operating in the Middle East and Africa, offering a portfolio of services including intelligent security solutions.

Cisilion

Cisilion

Cisilion's mission is simple – to transform and connect business with next-generation IT infrastructure. Our expertise includes enterprise networking, security, data centre & cloud, managed services.

InfoSecTrain

InfoSecTrain

InfoSecTrain are a leading training and consulting organization dedicated to providing top-tier IT security training and information security services to organizations and individuals across the globe

LT Harper

LT Harper

LT Harper specialise in cyber security recruitment. We believe in providing an individualised service to our customers whether they are looking for a new opportunity or to hire talent.