It did not take long for the healthcare sector to embrace autonomous systems and next-gen technology. Modern-day hospitals are quickly adopting the new infrastructure that is backed by interconnected systems and IoT medical devices. These ‘smart hospitals’ incorporate a combination of legacy and next-gen systems, aimed to boost the efficiency of hospital functions, manage patient data more easily and save more lives in the process.
However, although this may seem like a step towards a brighter future, it poses a bigger threat than before as well. This is because when hospitals transition into cyberspace, they are bound to encounter the dangers looming in cyberspace as well. This migration to a smart infrastructure has provided a larger attack surface for cybercriminals and nation-state threat actors than ever before.
Cybercrime: No-one is Safe
We have long established that even hospital and health-care services are no longer secure from data breaches and cyberattacks. In fact, according to the Cost of Data Breach Report 2020 posted by the Ponemon Institute and IBM security, healthcare suffers from the highest average breach costs out of 17 surveyed industries for the 10th consecutive year.
The report states that the average breach cost for 2020 was $7.13 million, indicating a 10.5% increase since 2019. Moreover, it takes an average time of 329 days to identify, trace and contain a data breach in the healthcare sector.
‘Cyber-resilience’, the ability to maintain the availability and functionality of services in the face of cybercrime, is becoming the need of the hour for smart hospitals. The first step of which is to identify and secure the most ‘critical’ areas of a hospital’s functionality. If these critical areas are compromised, they can cause a disastrous impact on the overall infrastructure of patient care.
An example of a critical component of smart hospital systems is the networking system since it manages the exchange of crucial data between hospital data systems and medical devices. Important data is constantly flowing in this interconnected system for analysis and communication. The security for such systems needs to be reinforced to prevent a potentially disastrous outcome.
How are Hospitals Being Attacked?
Smart hospitals integrate multiple IoT systems and autonomous medical devices that are interconnected. These devices offer many points of targeted entry for malicious threat-actors and thus need to be properly managed.
Malware is probably the biggest source of attacks for hospitals as they can orchestrate complete data breaches or even cease the operation of critical systems and equipment. Once the malware has gained access, it can quickly infect all interconnected mobile phones, computers, servers, and IoT devices.
Phishing and attacks are socially engineered to bait people into providing access to the internal systems. Denial of service attacks (DoS) is another huge potential threat that bombards hospital services and renders them unavailable.
Why Do Cybercriminals Target Healthcare Services?
Medical patient data is increasingly in demand in black markets by malicious criminals who aim to threaten, scam, or blackmail people. Ransomware or DoS attacks essentially cease critical hospital services until a ransom is paid, a delay which could result in patient deaths and millions of dollars in losses.