Cyberattacks in the healthcare sector: some statistics
Cyberattacks of all kinds affect organizations across all industries. Their average cost rises significantly each year. It rose from €9,000 per company in 2019 to €52,100 in 2020. (source: bayvet-basset.com)
Inevitably, the healthcare sector has not been spared: ransomware, phishing, spear phishing… In 2016 and 2017, several cyberattacks targeted nearly one-third of hospitals in England. For example, WannaCry affected 300,000 computers in 150 countries. These malicious acts cost the National Health Service nearly 100 million pounds (approximately 115 million euros), resulting in the cancellation of 19,000 appointments. (source: the UK Department of Health).
Many French facilities were affected, including those in Villefranche-sur-Saône and Dax last February, as well as Oloron-Sainte-Marie in March. This led to the suspension of hospital operations, the cancellation of appointments and certain medical tests, and the disruption of access to computer systems and telephone communications.
A Swiss medical and social care facility was also forced to pay a ransom to cybercriminals.
In addition, other sectors of the healthcare industry have fallen victim to cyberattacks. Most recently, the pharmaceutical sector was targeted, with the Pierre Fabre Group being attacked in late March 2021. (source: siecledigital.fr)
Or take the Doctolib platform in July 2020, which was the victim of a data breach involving administrative information related to 6,128 medical appointments. (source: usine-digitale.fr)
The director general of the National Cybersecurity Agency (ANSSI) states that more serious attacks are occurring “now at a rate of one per week” and adds, “We have no choice but to respond; it is a matter of ethics when hospitals are affected.”
Why is the healthcare sector being targeted?
Unlike OIVs (Operators of Vital Importance), hospitals are not considered as critical by ANSSI and are not required to protect their IT systems.
The healthcare sector is under constant strain. This is due to a lack of material and financial resources, but also, more specifically, to the global pandemic. The hospital sector is a particularly critical area. By attacking it, cybercriminals strike a nerve with entire countries and believe it is easier to extort ransom payments from them.
Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) play a significant role within their organizations. Since the entry into force of the General Data Protection Regulation, organizations must better protect their information systems, notably by raising their teams’ awareness of phishing.
A cyberattack in the healthcare sector is extremely costly in several ways:
- lives are at risk when all computer systems are down.
- the postponement of certain operations, in the absence of a swift return to normal.
- the time wasted returning to paper and pen, and then scanning everything once the system is back up and running.
- in some cases, the cost of a system restore.
- the complexity of managing drug inventories, for example, which is computerized.
- not to mention the ransom demanded (50,000 dollars in Bitcoin for the hospital in Oloron in the Pyrénées-Atlantiques).
The full extent of a cyberattack—whether in terms of human, physical, or financial impact—is very difficult to measure accurately. This is why attackers can continue to cause harm even after systems have been restored. The data they collect can be used months or even years later against healthcare facilities—or even against patients themselves.
That is why Avant de Cliquer helps healthcare facilities protect themselves against phishing. As a member of the APSSIS, we place great importance on protecting your health data.