The proliferation of an increasingly accessible and connected healthcare sector has been accelerated by the COVID-19 pandemic in an effort to keep patients and providers safe. This rapid increase in connectivity has led to an increased number of points of contact, which outside attackers could use to obtain sensitive data.
In May, a ransomware attack on Colonial Pipeline caused fuel shortages along the East Coast of North America. Over the past year, hospitals have increasingly been targeted by attacks that can cause a disruption of services. In 2019, the American Medical Collection Agency was targeted, resulting in a stunning breach of healthcare information that affected 21 million individuals and drove the organisation to file for Chapter 11 bankruptcy.
The severity of these breaches varies, but the most alarming type are ransomware attacks that can prevent access to patient records or medical devices. Based on research conducted by Cybersecurity Ventures, global ransomware damage costs are estimated to reach $20bn in 2021. This kind of attack is largely opportunistic, and the threat reduces drastically once best practices are adopted. Organisations that do not have access to backups or the ability to efficiently reset compromised systems are more likely to find themselves faced with desperate options, such as paying the ransom demanded by their attackers.
GlobalData, a leading data and analytics company, is tracking 155 networked medical devices in active development and nine telehealth services that launched in direct response to the pandemic. The value provided to patients and providers by increased connectivity is apparent, but the risk involved is not. An oversight by manufacturers or healthcare providers in the deployment of these systems can expose networks and sensitive healthcare information.
Investing in data protection measures and personnel can bring increased visibility to these risks and prevent future damages. Healthcare providers, in particular, should be familiar with the different outcomes of taking preventative rather than reactive measures. Most jurisdictions have harsh penalties in place for healthcare data breaches, which emphasises the importance of a patient’s right to privacy.