The global healthcare industry is increasingly embracing digital technologies, such as cloud, big data, internet of things (IoT), remote monitoring, and more, to deliver the best patient care. However, as more digital technologies are utilised, the greater potential there is for cyberattack. Healthcare data is particularly sensitive to cyberattack, since healthcare cyber breaches often involve loss of sensitive personal information and medical records.

Changing Threats

Listed below are the changing nature of cyber threats impacting the cybersecurity in medical themes, as identified by GlobalData.

Ransomware

Ransomware, wherein a victim’s most critical files are held hostage, is a form of cyberattack that is on the rise. In 2016, security company Malwarebytes surveyed 500 companies in four countries and found that one-third had been the victim of a ransomware attack.

Ransomware refers to malicious software that takes control of a computer and encrypts the data on it, rendering it inaccessible. The hackers then demand a payment, typically in the form of bitcoin, in exchange for handing over the encryption keys.

The WannaCry ransomware attack is one of the most high-profile ransomware attacks in recent memory. On May 12, 2017, the attack targeted computers running the Microsoft Windows XP operating system by encrypting data and demanding ransom payments in bitcoin.

The medical sector is not immune to ransomware attacks. In June 2020, a hospital in Colorado, US reported a ransomware attack that targeted software essential to accessing patient records.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Medical Device Network.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Insider and privilege misuse

According to a 2016 Data Breach Investigation by Verizon, around 77% of breaches fall within the insider and privilege misuse category. These breaches are caused by an internal party or individual. This could be an indication of a lack of appropriate cybersecurity measures within an organisation.

Many organisations have started to offer cybersecurity education and training to employees and staff. Approximately 48% of insurers surveyed by Accenture reported experiencing malicious insider threats, while 55% lacked confidence in their internal security monitoring.

The 2020 Data Breach Report by Verizon indicates that privilege misuse is also a significant cause of factor in cyber threats in the healthcare sector, with insider and privilege misuse leading to 8.7% of cyberattacks. However, in the previous year, insider and privilege misuse made an even greater contribution to healthcare cyberattacks at 23%.

Denial of service (DoS)

A DoS attack is a form of cyber-attack that aims to shut down a network, application, or machine, or make them inaccessible to users such as employees, members, or account holders. This can be accomplished by flooding the targeted network with traffic or sending information that causes a crash, thus interrupting the network service.

Victims of DoS attacks are typically players from the banking, media, commerce, government, and trading sectors. One type of DoS attack is Distributed Denial of Service (DDoS), which occurs when multiple systems organise a synchronised DoS attack on one target. An example of a DDoS attack was that suffered by the British Broadcasting Corporation (BBC) website in January 2016.

Botnets are created when a hacker temporarily takes control of millions of internet-enabled devices such as security cameras or TV set-top boxes by remotely infecting them with hidden malware. The botnet can then be used to mount DDoS attacks by instructing the infected devices to send simultaneous data requests en masse to a single server, causing the server to overload and crash.

DoS and DDoS attacks also occur in the healthcare sector and are particularly worrisome when they occur in hospitals since access to critical patient information can be compromised, according to the Centre for Internet Security (CIS). One example of a large DDoS attack that occurred in the healthcare sector was the attack of Boston Children’s Hospital in 2014.

Hacktivist groups

Increasingly, more sophisticated hacking has been perpetrated by groups of hackers against governments, nations, and states rather than against an individual. Anonymous and Lulz Security are two of the most widely known hacktivist groups. Anonymous, in alliance with Ghost Squad Attackers, claims to have brought down several central banks in this way, including the Bank of Greece, the Federal Reserve Bank of Boston, the Bank of England, and the Bank of France. Hacktivist groups also target healthcare facilities, and Anonymous has also been credited with the DDoS attack against Boston Children’s Hospital.

Online fraud

Online fraud is on the rise behind technology cycles such as peer-to-peer (P2P) lending, mobile banking, e-commerce, and the IoT. Social media encourages the reckless dissemination of personal information on the web, which facilitates identity theft. As more personal data ends up stored in the databases of internet companies, specialist data resellers can create more and more big data algorithms that dissect this data for resale.

With telehealth on the rise, more and more personal health information continues to be shared online, making sensitive information vulnerable to cyberattacks through online fraudulent activities. Online fraud in healthcare often takes one of three primary forms: provider fraud, cyber scams, and medical identity theft.

In provider fraud, healthcare providers use online billing systems to commit fraud, such as charging for more expensive procedures than were actually provided. Cyber scams include marketing ads targeting patients and/or providers with fake products or other scams. Medical identity theft occurs when someone’s personal information is stolen and used to fraudulently obtain medical services.

This is an edited extract from the Cybersecurity in Medical Devices – Thematic Research report produced by GlobalData Thematic Research.