Cyber Attacks in Hospitals: Making More Damage Than Ever

According to the American Hospital Association, healthcare systems and hospitals are among the primary targets for hackers due to an increasing dependency on Internet-connected technologies.

Cyber attacks disrupt services in hospitals and cause delays in care delivery, putting lives in danger and affecting patient outcomes. Ransomware attacks have increased through the years, and hackers aim to steal patients’ medical records, among other private data, to sell or ask hospitals for money to return information.

Hackers can get $1 per record selling this private information in bulk or can obtain $1,000 for a specific record, according to Mark Gaudet, a cybersecurity expert at the Canadian Internet Registration Authority (CIRA).

This article is primarily based on information from the Department of Health & Human Services, the Multi-State Sharing and Analysis Center, the American Hospital Association, articles published in the National Library of Medicine, statistical studies, and the #stop ransomware guide.

small hospital that may be at risk for cyber attacks — Hospitals big and small are at risk for cyber attacks.

US Hospitals under Cyber Attacks

A hospital in Vermont, which was the victim of a cyberattack in 2020, estimates that the financial cost for the institution was $1.5 million per day. From the clinical point of view, the cyber attack caused their electronic health record not to work for 28 days, the radiology system went down for six weeks, and their lab couldn’t send results to other hospitals.

As another example, on Thanksgiving morning in 2023, the news once again covered cyber attacks on hospitals, and people opened their newspapers or news apps to headings such as the following, “Two NJ hospitals continue to divert patients after cyberattack.”

These cyber attacks affected hospital chains in at least four states: New Jersey, Texas, Oklahoma, and New Mexico. This hospital hack shut down several computerized services, forcing different hospitals to divert patients from the emergency department and reschedule non-emergency surgeries.

In the following example, we will see more closely how an Indiana hospital fought to recover from a cyber attack. Hospital ransomware attacks are increasing in the United States, and this was one of the victims.

The hackers infiltrated the hospital’s health system network and asked for $3 million in bitcoins. During the attack, the hospital had to send runners between departments to deliver results and take orders, and they had to return to use pen and paper for medical records and notes.

The hospital didn’t pay the ransom and went digitally dark. They had to divert ambulances and had various difficulties until they could function normally, which took them nearly six months.

Which Are the Most Common Hospital Cyber Attacks Today?

Healthcare has various types of cyberattacks. However, we are going to explore the most common ones:

Ransomware: In this type of attack, cybercriminals encrypt data, making it inaccessible until hospitals pay the ransom. This malware infects machines through phishing emails with malicious attachments, malicious links, and advertising containing malware.
Data breaches: The healthcare industry suffers more data breaches than any other sector since personal health information is valuable in the black market. The loss of a computer or device, credential-stealing malware, or accidental patient data disclosure can cause these breaches.

With patient’s electronic medical records (EMRs), cybercriminals can use the drug prescription information to order drugs through mail-order programs and later on sell these drugs on the black web. Also, they can steal identities since they gain access to Social Security numbers and birthdates.
Criminals may use Medicare insurance IDs to obtain insurance fraudulently.
With the accessed information from EMRs, cybercriminals can commit tax fraud, among other criminal activities.

Distributed denial of service (DDoS) attacks: In this type of attack, cybercriminals overwhelm networks to make them inoperable.
Business email compromise (BEC): Cybercriminals use compromised accounts to deceive employees into transferring money to a fraudulent account, pretending to be a CEO or a person of power in the organization.
Insider threats: Although external threats are the most common problem in cybersecurity, someone within the organization can also become a threat since they have legitimate access to the network and know its vulnerability.

Is the Death Toll Due to Hospital Cyberattacks Mounting?

A Ponemon Institute study of the cost and impact on patient safety and care after cyber attacks showed that 46 percent of the responders said cyberattacks increase the mortality rate, and 38 percent said they increase complications in medical procedures.

Potential Vulnerabilities in Healthcare

Since hospitals depend more on Internet-connected technologies to improve their services and obtain better patient outcomes, hackers are taking advantage of the points of entry that new technologies open to affect systems that are part of the nation’s critical healthcare infrastructure.

The Internet of Things (IoT) and operational technology (OT) are vulnerable to cyber attacks and at constant risk, but what are these technologies?

The IoT is a network of objects like devices and appliances, among other things, which have implemented sensors, software, and network connectivity. This technology allows data exchange throughout the network, allowing physicians and clinicians to be in different places yet still monitor and analyze data.

OT is the hardware, firmware, and software used to make or detect changes in physical processes controlling and monitoring physical devices.

With the rise of cyber attacks and hospitals being one of the principal targets of hackers, there are different initiatives to enhance hospitals’ cybersecurity. Therefore, the Department of Health and Human Services, along with other institutions, works on the Hospital Cyber Resilience Initiative: Landscape Analysis and has found the following:

Ransomware attacks on hospitals have changed, and the damage they cause has increased since 2021. Ransomware is the most significant hospital threat.
Ninety percent of the hospitals surveyed use multi-factor authentication (MFA), but the institutions may use this security protection inconsistently across systems and entry points.
Surveyed hospitals answer that they conduct vulnerability scanning, but most don’t use advanced testing forms.
There is variability in staff training regarding cybersecurity responsibilities and duties among employees, and there isn’t enough data on the effectiveness of the training.
The delivery of care at home is becoming more popular, requiring medical equipment connected to a network, which also creates new points of entry for cyber attacks. Therefore, it is necessary to protect these communication technologies to deliver care without risking the healthcare system.
Ninety-nine percent of the surveyed hospitals have basic spam and phishing protection. Nevertheless, basic protection can’t eliminate all the current cyber attacks.
Only 49 percent of the hospitals answered that they have adequate processes to manage the risks in the supply chain.
Usually, cybercriminals don’t use medical devices as a point of entry. However, this possibility is a cybersecurity concern that hospitals must consider.
Hospitals have differences in how they face cybersecurity; some have limited budgets and difficulty staying current with cyber threats.
Most hospitals surveyed said they work with software with known vulnerabilities or old operating systems, including medical devices.
Premium cybersecurity insurance is rising by 46 percent on average, making access difficult for some hospitals.
Having the right cybersecurity personnel is hard to maintain, and other industries pay more. Therefore, the most qualified people tend to go to other sectors.

General Practices to Prevent Ransomware Attacks

Some practices can help prevent cyber attacks. The following list offers guidelines that may help your institution mitigate and prevent cyber attacks:

Have a comprehensive asset management approach.
Apply the principle of least privilege to all systems. Give employees the access needed to perform their jobs.
Maintain all virtual machines and hypervisors up-to-date and hardened.
Enable security settings in the cloud environment.
Implement network segmentation.
Create and update the institution’s network diagrams.
Restrict the use of Powershell, a cross-platform task automation solution composed of a scripting language, a command-line shell, and a configuration management framework, to specific users on a case-to-case basis.
Secure domain controllers.
Conduct constant assessments.
Have a security baseline of network traffic and tune network appliances to detect anomalies.
Prevent the malicious use of remote access and remote management and monitoring software.
Keep and secure logs from network devices, cloud services, and local hosts.

The rising use of technology in healthcare facilities leads to increased vulnerability to cyberattacks.

The Growing Cost of Hospital Cyber Attacks

The healthcare sector in the United States faces a significant increase in cyber attacks, disrupting care and affecting patient outcomes and privacy. The Ponemon Institute study shows that in 2023, the average total cost for a single cyber attack was $4.9 million, which constitutes an increase of 13 percent compared to the previous year.

Disruptions in healthcare services cost hospitals 30 percent more on average than in the previous year: $1.3 million to regain normal operations. From all the surveyed institutions, 88 percent answered that they were victims of at least one cyber attack in 2023.

Of all the participants in the study, 100 percent had at least one incident of sensitive data loss, and insiders were the leading cause. Four ransomware attacks, on average, in the previous two years affected 54 percent of the institutions in the study. The same percentage of institutions also suffered five BEC attacks in the previous two years.

Cyber attacks are acts that threaten lives and have financial motivations. They are getting more complex since well-trained cyber gangs have more resources, equipment, and protection. If you are not a hospital administrator but run a healthcare facility, read more about the three essential steps for cybersecurity.

Additional Sources: