2023: Over 100 million battled virtual invaders in healthcare cyberattacks.

In 2023, healthcare cyberattacks have affected more than 100 million people, reportedly making it the most damaging year in relation to cybercrimes against healthcare organisations. This information was shared by John Riggi, national adviser for cybersecurity for the American Hospital Association.

• According to federal data on breaches of health data, approximately 106 million individuals have been impacted by cyberattacks. This signifies a drastic increase from the 44 million people affected in 2022.
• Contrary to common misconceptions, the number of attacks hasn’t necessarily increased but rather the severity and reach of these attacks.
• Amidst approximately 475 reported attacks this year, the average breach has impacted more than 200,000 individuals. This onward trend is likely due to cyberattackers gaining access to databases holding large volumes of data.

On a worrying note, cyberattacks are considered to pose real threats to both patient safety and patient care. In certain situations, hospitals have had to transfer patients to other facilities following cyberattacks or even postpone elective surgeries.

• Riggi highlights the rise of new modes of cyberattacks where criminals are no longer focusing on just encrypting networks but are also stealing patient data. This creates a dual pressure for ransom payment- to restore network access and to prevent patient data from being published online.
• Furthermore, despite having cybersecurity measures in place, hospitals and health systems are not immune to attacks through third-party services or breaches targeting their vendors.
• Even governmental organisations like The Centers for Medicare & Medicaid Services have reportedly experienced breaches with contractors in the year.

Given the growing criticality of the problem, the role of Artificial Intelligence (AI) is becoming increasingly important in both committing and combating cyberattacks. For instance, attackers are already using AI to write persuasive phishing emails and to craft malware to exploit identified vulnerabilities in networks. On the defensive side, AI can help health systems promptly identify vulnerabilities and accelerate the application of patches.

Despite the rising tide of cyberattacks, Riggi remains positive about strides being made by hospitals and health systems. He advocates for a more concerted effort from the government in going after ransomware groups, especially those operating from foreign nations with governmental support. The article concludes by highlighting the pivotal role that AI will play in the ongoing ‘arms race’ against cyberattacks.