Key Points:
- Cyberattacks on healthcare sector reached a record high in 2023, with over 100 million individuals affected compared to 44 million the previous year.
- Ransoming patient data and double-layered extortion techniques are increasingly being used, forcing hospitals to exhaust resources, transfer patients and compromise patient safety.
- Healthcare organisations and national governments must work together to address these security threats, prioritise cybersecurity measures and hold malware groups accountable.
- Artificial Intelligence (AI) has become a double-edged sword in this war, helping to detect threats on the one hand while also being used by ransomware groups to create convincing phishing emails and malware.
Healthcare cyberattacks have soared in 2023, affecting more than 100 million people – a record increase from the 44 million individuals affected in 2022. Cybersecurity advisor for the American Hospital Association, John Riggi, says the number of attacks hasn’t necessarily increased, but the damage inflicted and the volume of people affected have grown.
Hackers have adopted more sinister techniques, including ransoming patient data, locking hospitals out of life-saving technology, ambulances diversion, and delaying patient treatments which have put countless lives at risk. Attackers have also used ransomware to infiltrate software and encrypted databases while also stealing patient records. Other tactics include double-layered extortion – simultaneously exfiltrating data and demanding money for its return.
While hospitals are working on strengthening defences, Riggi emphasised the importance of governments launching aggressive actions against malware groups. He also highlighted the need for increased cooperation between government bodies and health systems to handle these issues.
Artificial Intelligence (AI) has introduced a new dimension in this cyberwar. Although AI helps in quickly scanning networks and detecting vulnerabilities, it’s also being exploited by attackers to create compelling phishing emails and malware that can identify vulnerabilities and develop exploits.
Riggi ended by stating that healthcare organisations and CEOs need to consider cybersecurity as their top enterprise risk issue. This situation demands a combined offensive-defensive approach with every government, military, intelligence, and law enforcement agency working together to monitor and respond to these threats.