Finance, administration, industry, research, tourism, retail, construction, automotive, food processing, publishing, energy, and of course the internet…
Every sector is now a potential target for cybercriminals. The healthcare sector is no exception to cyberattacks. On the contrary, they are actually increasing exponentially in that sector!
In fact, every year, cyberattacks threaten healthcare facilities, testing laboratories, research institutions, and medical applications.
The healthcare sector is full of examples
In May 2017, the WannaCry cyberattack on the British National Health Service (NHS) infected 16 healthcare centers and 200,000 computers, leading to the cancellation of nearly 20,000 appointments. This malware also disabled more than 1,200 diagnostic devices.
March 2019: Montpellier University Hospital fell victim to a phishing attack; an email opened by an employee contained a virus that infected more than 600 computers.
In June 2019, a ransomware cyberattack crippled the French group Eurofins.
Similarly, in March 2020, the AP-HP and its 39 facilities in the Île-de-France region were hit by a massive distributed denial-of-service (DDoS) attack.
In addition, between March and April 2020, the WHO received several phishing emails. Exploiting the COVID-19 pandemic, these phishing emails were used to obtain data on vaccines and treatments.
In July 2020, the Doctolib platform fell victim to a cyberattack. More than 6,000 pieces of appointment data were stolen (last name, first name, gender, phone numbers, email addresses, and physical addresses, as well as the healthcare provider’s name). It’s worth noting that Doctolib has 35 million patients and 135,000 healthcare providers!
And this is by no means an exhaustive list of cyberattacks in the healthcare sector…
According to the Europe 1 website, “there is a cyberattack every three days in hospitals.” It is therefore imperative to take action now.
In its report titled “State of the Ransomware Threat Against Businesses and Institutions,” available on the ANSSI website, CERT-FR presents a new analysis. This study focuses on attacks carried out for financial gain and their financial impact on businesses and institutions. Furthermore, CERT-FR notes that the sectors targeted by ransomware attacks among the incidents handled by ANSSI are “primarily local governments and the healthcare sector.”
Avant De Cliquer is a member of APSSIS, the Association for the Security of Health Information Systems, the only organization dedicated to the cybersecurity of health information systems and data.
Cyberattacks: What Are the Real Health Risks?
Data extortion, which involves holding information hostage in order to:
- destroy it.
- impersonate someone.
- sell it (medical data fetches a high price on the Dark Web).
- exert power over vulnerable individuals.
- publish it in order to damage the organization’s reputation…
A complete shutdown of the computer system would cause the equipment to malfunction, putting patients' lives at risk.
Financial risks:
In accordance with GDPR requirements, all organizations, regardless of their sector or size, are required to implement appropriate security measures to protect personal data.
Any violation of the regulations may result in the CNIL imposing a fine of up to 20 million euros (or, in the case of a company, up to 4% of its global annual revenue).
That is why all solutions must be implemented before an incident occurs, not after it happens. Training employees and stakeholders in cybersecurity is one of the key priorities for any organization looking to reduce cyber risk.
















