The short answer is, yes. Cyberattacks on hospital systems have doubled in recent years and show no signs of stopping. Ransomware accounted for about one-quarter of all intrusions last year, and the rise in data extortion operations allowed just one of these ransomware hacking outfits to collect over $123 million in profits by 2020.
The Impact of Covid-19
COVID-19-related assaults and ransomware exploits against hospitals are to blame for the increase in healthcare-related cyber attacks. According to a report, 35% of attacks on hospital systems were the result of scanning and exploiting open vulnerabilities in hospital networks. The COVID-19 pandemic expanded the broad use of telemedicine, and a quick shift to virtual operations highlighted the critical role that information technology, software, and medical equipment can play in enhancing patient care. Securing medical devices is vital to ensure there is no lapse in patient care and threat to hospital infrastructure.
Medical Devices are at Risk
Medical equipment is very susceptible to cyber-attacks, jeopardizing the health, safety, and privacy of patients. From the design stage to their usage in healthcare organizations, linked medical devices that significantly improve patient care and give improved patient outcomes should be maintained and upgraded to guarantee patient safety.
Security Concerns are Growing
Security worries about medical devices have risen in the last year as a result of repeated vulnerability exposures that potentially jeopardize patient safety. A lack of insight into how many devices are on a hospital’s network, as well as a significant number of aging legacy equipment that cannot be easily patched, are a hefty obstacle to medical device security.
Ransomware Attacks on Hospitals
A ransomware assault targeted the University of Vermont Health Network in late October 2020. For over a month, the system was unable to access electronic health records. The malware had infiltrated every computer at UVM Medical Center just as COVID-19 cases in the United States began to rise in what would become a massive winter wave.
Impacts on Patient Health
The hospitals in the network, unfortunately, postponed necessary chemotherapy and mammography appointments. These instances demonstrate the impact of cyberattacks and data breaches on the healthcare business, which is highly reliant on linked medical equipment. Patient Health Information (PHI) recorded and stored in these linked medical devices must be protected. PHI is sent via server-based systems over the cloud, making it highly vulnerable to hackers.
Windows Attacks and Vulnerability
Staying on top of quality gaps and vulnerabilities in software is critical to preventing systems from being abused. Microsoft Windows systems are vulnerable to cyber-attacks, especially out-of-date versions like Windows 7. Unfortunately, only 44% of healthcare organizations have updated their systems to Windows 10, with 56% still operating legacy Windows 7.
The Threat of WannaCry Ransomware
The first known ransomware attack that affected networked medical devices occurred in May 2017. This was the infamous WannaCry ransomware outbreak which impacted infected more than 200,000 devices across 150 countries. This ransomware assault infected Microsoft Windows-based machines. Users’ data were kidnapped, and a Bitcoin ransom was required to get them back. The harm inflicted by this assault may have been prevented if not for the ongoing usage of antiquated computer systems and a lack of education about the importance of updating software.
The Danger of Outdated Devices
This means that these Windows 7 devices will no longer receive the necessary updates they need to stay secure. In reality, older Windows systems are used by more than half of all endpoints, or 500,000 devices. Meanwhile, 65% of firms in all other industries utilize Windows 10 platforms, compared to 29% who use outdated systems. Hospitals may not have the time, resources, or understanding of how dangerous running outdated systems are.
It’s no simple task to update operating systems across organizations with complicated IT infrastructures and vast fleets of devices. Using an outdated operating system might make an organization more vulnerable to attack. Outdated systems are more vulnerable to attack and can put an organization in danger. Because they had not updated their Microsoft Windows operating system, computer users were victims of the WannaCry assault.
In conclusion, due to the hospital system’s large attack service, often outdated equipment, a large number of IoT medical devices, and lack of IT support staff to manage critical infrastructure, hospitals are at increased risk for cyber attacks. Hospitals can help avoid cyber assaults if all stakeholders work together to address the cybersecurity vulnerabilities and hazards present, update all software on a regular basis and employ knowledgeable security staff.