Healthcare Sector is the Biggest Target for Cyber Attacks
Healthcare organizations are becoming the biggest target for cyber-attacks due to the growing complexity and sensitivity of the data they store. Healthcare records contain highly sensitive information, such as Social Security numbers, medical history, financial information and insurance details. This data is attractive to cyber criminals because it can be used for identity theft and to commit fraud. Additionally, healthcare organizations are often seen as soft targets, as many lack the resources to invest in robust cyber security measures. As a result, healthcare organizations are increasingly being targeted by cyber criminals, with the number of attacks growing year-on-year.
Dr. R.S. Nehra, Director of International College for Security Studies (ICSS) and Principal Consultant, Cyber Security at Aakash Healthcare said the hospital has made several upgrades in the past few months. This includes the implementation of multi-factor authentication for all employees which ensures that only authorized individuals have access to sensitive data. The hospital has also upgraded its firewalls and intrusion detection mechanism to strengthen network security. [SOURCE: livemint.com]
Types of Cyber Attacks on the Healthcare Industry:
1. Data Breaches: Data breaches occur when an unauthorized entity accesses sensitive data, such as patient records or insurance information.
2. Malware Attacks: Malware attacks are designed to install malicious software onto healthcare systems, allowing attackers to take control of the system and access sensitive data.
3. Phishing Attacks: Phishing attacks involve sending fraudulent emails that appear to be from legitimate organizations. The emails contain malicious links or attachments that can install malware onto healthcare systems.
4. Distributed Denial-of-Service (DDoS) Attacks: DDoS attacks flood a system with traffic to overwhelm it and prevent users from accessing it. These attacks can be used to disrupt healthcare services or steal data.
5. Ransomware Attacks: Ransomware attacks involve encrypting a healthcare system’s data and demanding a ransom to decrypt it.
6. Insider Attacks: Insider attacks involve employees or contractors using their access to healthcare systems to steal data or disrupt services.
Cyber Attacks on Healthcare Industry in India
1. System Compromise: In April 2019, the Indian Medical Association (IMA) reported that a cyber-attack had compromised the personal data of over 2.9 million people.
2. Malware Attacks: In August 2018, a malware attack on the Apollo Hospitals Group impacted patient data and caused disruptions to the group’s services.
3. Phishing Attacks: In February 2019, the Indian Health Ministry reported that several government health organizations had been targeted by phishing emails.
4. Distributed Denial-of-Service (DDoS) Attacks: In December 2018, a DDoS attack on the Medical Council of India (MCI) caused disruption to the MCI’s services.
5. Ransomware Attacks: In January 2018, a ransomware attack on the National Health Mission (NHM) caused disruptions to the NHM’s services.
6. Insider Attacks: In January 2018, an insider attack on the Employees’ State Insurance Corporation (ESIC) resulted in the theft of patient data.
Cyber-attacks on AIIMS Server:
In November 23, 2022 – The All India Institute of Medical Sciences (AIIMS) suffered a cyber-attack on its server. The attack was carried out using ransomware, a type of malicious software designed to encrypt data and demand a ransom to decrypt it. The cyber attackers demanded a ransom of 10 Bitcoin, which is equivalent to approximately $300,000. The attack affected the AIIMS’s internal systems, causing disruption to the institute’s services. AIIMS was able to contain the attack and restore its systems without paying the ransom.
It is difficult to predict cyber-attacks in the future. However, it is likely that AIIMS will continue to be a target for cyber attackers in 2022. AIIMS will need to ensure that its systems are adequately protected against the latest cyber threats and that its staff is trained in recognizing and responding to potential cyber-attacks.
Hospitals Fortify Cyber Security on Attacks:
In order to fortify cyber security against attacks, hospitals should take the following steps:
- Implement IT Security policies: Hospitals should develop policies that outline security protocols and procedures for dealing with cyber threats.
- Install antivirus software: Hospitals should install antivirus software to detect and remove malicious software.
- Conduct regular employee training: Hospitals should provide employees with regular training on cyber security best practices.
- Monitor system access: Hospitals should monitor and log system access to identify any suspicious activity.
- Implement two-factor authentication: Hospitals should implement two-factor authentication to ensure that only authorized users can access sensitive data.
- Backup data regularly: Hospitals should regularly back up data to ensure that it can be restored in the event of a cyber-attack.
STATISTICS: Cyber-attack on the healthcare sector in India
- India saw a total of 5,898 cyber attacks on healthcare and medical organizations in 2020, a 37% increase from 2019.
- The healthcare sector was the second most targeted sector in India, accounting for 16.3% of all cyber attacks in 2020.
- Phishing attacks were the most common type of attack on healthcare organizations, accounting for 44.8% of all attacks.
- Ransomware attacks were the second most common type of attack, accounting for 21.5% of all attacks.
- India experienced an average of 20 ransomware attacks per day in 2020.
STATISTICS: Cyber-attack on the healthcare sector in World
- The healthcare sector accounted for 28% of all cyber attacks worldwide in 2020.
- Healthcare organizations experienced an average of 2,400 attempted cyber attacks every day in 2020.
- The healthcare sector experienced an average of 1,000 ransomware attacks per month in 2020.
- Worldwide, the average cost of a healthcare data breach was $7.13 million in 2020.
- Phishing attacks were the most common type of attack on healthcare organizations, accounting for 47.9% of all attacks.
- Ransomware attacks were the second most common type of attack, accounting for 21.7% of all attacks.
Cyber-attacks on the healthcare industry are growing and hospitals must take steps to protect their systems from malicious actors. Hospitals should implement IT security policies, install antivirus software, conduct employee training, monitor system access, implement two-factor authentication, and regularly backup data. By taking these steps, hospitals can fortify their cyber security and protect themselves from cyber-attacks.