Healthcare organizations face a 32% surge in cyberattacks, with sensitive patient data being sold on the Dark Web. Hospitals worldwide are vulnerable, as cybercriminals exploit weak defenses and digital health records.
A new report has revealed a troubling trend: healthcare organizations across the globe are falling victim to increasingly sophisticated cyberattacks, leaving patients and patients’ families vulnerable to financial gain.
According to recent data from Check Point Research, the global weekly average number of attacks per organization within the healthcare industry has increased by 32% over the same period last year, reaching a staggering 2,018 per week.
The targeted institutions, including vulnerable hospitals, are constantly under the triple threat of cybercrime such as ransomware attacks, data theft, and even selling access to these critical healthcare networks on the dark web.
A closer look at the data reveals that around the world, the top regions of attack are:
The Asia-Pacific (APAC)
The Asia-Pacific (APAC) region has suffered the most from these attacks. With 4,556 weekly attacks per organization, a 54% increase, this region is responsible for the majority of healthcare cyberattacks, driven by the rapid expansion of digital health records and telemedicine.
Latin America
Latin America also faced a substantial increase in these attacks. With 2,703 weekly attacks per organization, a 34% increase, this region is particularly vulnerable due to weaker regulations and underfunded cyber security initiatives.
Europe
According to Check Point’s report, Europe, despite experiencing fewer weekly attacks at an average of 1,686, saw the largest percentage increase at 56%, highlighting a growing reliance on digital tools without parallel investments in security.
North America
North America, with 1,607 weekly attacks and a 20% increase, remains a prime target due to the wealth of sensitive patient data and established digital infrastructure.
The impact of these cyberattacks is severe. The situation is serious enough that the World Health Organization (WHO) has called for caution, declaring 17 September World Patient Safety Day to highlight the risks associated with cyberattacks in the healthcare industry.
On the other hand, cybercriminals are also using ransomware-as-a-service (RaaS) to target healthcare organizations, partnering with others to carry out attacks and siphoning off sensitive data.
A real-life example, according to Check Point, involves a hacker known as Cicada3301, who posted an advertisement on a Russian-language underground forum offering ransomware-as-a-service. He demands a 20% commission on successful attacks and even provides negotiation mechanisms for disputes among partners.
To mitigate these risks, healthcare organizations must adopt comprehensive cybersecurity measures, including technological solutions, employee training, and improved security policies. Key steps include using anti-ransomware solutions, regularly backing up data, segmenting and limiting access to information, educating staff on recognizing cyber threats, installing updates and patches, and ensuring strong passwords and multi-factor authentication.
Compliance with national and international privacy standards and regulations is also important to ensure patient safety. By securing all devices and using the best security solutions, healthcare organizations can better protect themselves against cyber criminals and protect the well-being of their patients.