In 2022, the number of cyber-attacks targeting firms or public-sector organizations increased by 38%. Medical establishments were particularly affected: with a 74% increase in cyber-attacks in one year, the health sector has experienced the biggest increase.
This year again, many hospitals have been crippled by malware attacks, and huge data leaks have occurred. These include Shields Health Care Group, a U.S. provider of medical services, which has experienced a large data leak: medical data from more than 2 million patients has been stolen.
Why are medical organizations, and hospitals in particular, prime targets? Why is medical imaging particularly sensitive to cyber-attacks?
Medical Institutions: lucrative targets for cyber-criminals
Several factors explain the attractiveness of the medical sector for cyber-criminals:
- A lack of modernity: historically, the healthcare sector embarked upon its digital transformation rather late in the day. Relying on infrastructures that are no longer up-to-date, obsolete versions of operating systems or applications, etc., medical establishments have long been easy prey for hackers, who simply exploit known vulnerabilities that their targets have not patched.
- Insufficient investment in cybersecurity: before the health crisis, the topic of cybersecurity was underestimated by a large number of medical establishments. The explosion in the number of cyber-attacks affecting healthcare establishments since 2020 has triggered awareness, but investment in cybersecurity is often still too low in relation to the current threat level.
- Highly prized medical data: health data is the data most sought after by cyber-criminals. And for good reason: it sells at an extremely high price. Social security numbers, mutual insurance numbers, medical information, etc. are bought by criminals specializing in fraud, identity theft and even blackmail. As holders of this data, medical establishments are therefore a priority target.
- Establishments are likely to accede to ransom demands: ransomware is an attack that holds an organization’s data hostage. All data is encrypted and rendered inaccessible by malicious software. Cyber-criminals then demand a ransom, often equivalent to several million euros, in exchange for restoring access to this data.
Ransomware can have dramatic consequences for a hospital: certain applications or machines become unusable, patient data becomes inaccessible, etc., with a vital impact on patient health. Faced with an emergency, some hospitals therefore agree to pay the ransom. Even after paying, they are not immune to double extortion: a second ransom demand in exchange for non-disclosure of the data that was captured.
Medical imaging, a representative example of cybersecurity issues
Medical imaging, which consists of producing images of the human body (by a CT scan, an MRI, etc.) and analyzing them in order to establish a diagnosis or track the progression of a pathology, perfectly illustrates the challenges of cybersecurity for the medical field.
The sensitivity of imaging information makes it a prime target for criminals. Moreover, medical images give rise to numerous file exchanges, as they are sent to different specialists and sometimes require several opinions. It takes only one piece of malware introduced into these exchanges to exfiltrate this sensitive information or to disrupt the entire chain of people waiting on the images to make a medical decision.
In addition, a medical imaging system can be interconnected with other hospital systems, such as electronic medical records. In other words, if one system is compromised, it can serve as an entry point for attacking other parts of the hospital network, thereby undermining the overall confidentiality and security of data.
Finally, some medical imaging devices are designed with a focus on their functionality and effectiveness rather than on security. It is therefore important, as a medical institution, to check the robustness of each digital solution in terms of cybersecurity before adopting it.
Cyber-crime in the healthcare sector is rife. While hackers are industrializing their malicious activities and making their attacks increasingly complex, medical establishments must invest heavily to protect their data and that of their patients, and also to avoid service disruptions.