Hospitals: COVID-19 and Cybercrime
COVID-19 left hospitals less resourced and more vulnerable than most Americans have seen in their lifetimes. At the same time, the pandemic has created a spike in cyber crime rates, with a rise as much as 600%. When you combine these two data points, it’s clear that medicine and life sciences in general are in need of stronger cybersecurity protocols.
Of all cybercrime victims, medical institutions suffer particularly harsh consequences. Hospitals simultaneously hold the highest stakes for victims of cyberattack and the highest reward for attackers. At a Los Angeles hospital where one COVID patient dies every 6 minutes, the last thing the institution needs is a data breach that exposes thousands of patients’ confidential information, from health records to billing details to social security numbers.
Hospitals are a hotbed of sensitive data. There are few other locations where so much private information is stored about such a large quantity of people. Consequently, the pandemic has seen hospitals become cybercrime hubs. In 2020, 491 out of 619 successful ransomware attacks victimized American healthcare companies.
It has been reported that the two most common cyberattacks that medical institutions suffer are ransomware and data breaches. Ransomware attacks are when a facilities’ devices are hijacked by malicious actors who acquire confidential data and keep it away from its owners until attackers’ demands are met. This usually happens through encryption of stolen records. Data breaches are when attackers break into systems containing patients’ medical and financial records, rendering them vulnerable to robbery and identity theft.
In 2021, many hospitals are still powered by machines with operating systems more than ten years old. Underfunded hospitals are dominated by legacy devices that were not designed to be secure. All it takes is one weak link in a facility’s system for an entire network to become vulnerable.
It was bad enough that healthcare amenities were top-shelf prey in the eyes of cybercriminals before the pandemic. After the pandemic, the threat is many times worse.