How Does Cybersecurity Work in the Healthcare Industry, and What Types of Attacks Is It Facing?

Hospitals, like most modern organizations, are increasingly dependent on information systems for a wide variety of administrative and clinical functions. They are highly complex organizations in terms of processes, capable of operating continuously, 24/7, 365 days a year.

Many healthcare organizations have various types of specialized hospital information systems, such as electronic prescribing systems, practice management support systems, clinical decision support systems, computerized physician order entry systems, and more. In addition, thousands of devices that make up the Internet of Things (IoT) must also be protected. These include smart elevators, intelligent heating, ventilation, and air conditioning systems, infusion pumps, remote patient monitoring devices, and others. These are examples of some of the assets that healthcare organizations typically possess.

Beyond the enormous organizational complexity, the need for dispersed systems that must connect with one another, and the extensive network of computerized medical equipment, we must add what is perhaps one of the most valuable assets to a cybercriminal: patient clinical data.

The theft of clinical information leads to various criminal threats, ranging from the use of stolen information for administrative fraud and illicit drug use to the sale of data files to other cybercriminals.

In the article by Medigate by Claroty, we can understand in practice how cyberattacks unfold in this industry and the dangers they pose:

What Are Examples of Cyberattacks in the Healthcare Sector?

For healthcare organizations, ransomware attacks have become a persistent and increasingly disruptive threat that, in recent years, has caused seemingly countless healthcare delivery organizations (HDOs) to lose access to critical patient data or, worse, become unable to deliver critical care services. The 2017 WannaCry attack is still discussed today because of its significant global impact. This ransomware attack infected approximately 230,000 computers across 150 countries in just a few hours, exploiting a critical vulnerability in unpatched versions of the Windows 7 operating system, which was then widely in use. During the attack, infected hospitals were prevented from accessing their digital systems and medical devices, resulting in significant disruption to patients and healthcare teams. Teams had to revert to manual processes, radiology services were interrupted, outpatient appointments, elective admissions and outpatient procedures were canceled, and emergency ambulances had to be diverted to other hospitals.

Overall, the scale and impact served as a wake-up call regarding the vulnerability of HDOs to cyber threats and the importance of a strong cybersecurity solution and strategy in healthcare.

Another notable ransomware attack occurred in 2020 against the University of Vermont Health Network (UVMHN). The attack on UVMHN affected the entire clinical network of the health system across multiple hospitals and medical facilities. During the attack, hundreds of employees were unable to fulfill their professional responsibilities and many patients faced delays in test results, had appointments canceled, and had to reschedule elective medical procedures. According to public reports on the incident, the health network continued to face setbacks and financial losses eight months after the initial attack — with estimated incurred costs of more than 63 million dollars.

UVMHN also suffered serious reputational damage due to its lengthy recovery process, which resulted in delays in patient care. From this incident, healthcare organizations learned the unique and lasting ramifications of ransomware attacks and that no HDO is immune to cyber losses. That is why it is crucial for organizations to implement protection against cyber incidents, comply with industry regulations and standards, and follow best practices for implementing effective cybersecurity in healthcare.

ACTAR has a dedicated practice area and specific offerings for IoT protection and solutions tailored to the Healthcare industry, with numerous success stories at leading hospitals and health insurers in Brazil.

Contact us to learn how we can support you on this journey.
