If healthcare doesn’t strengthen its cybersecurity, it could soon be in critical condition

(Credit: Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Stéphane Duguin, CEO, CyberPeace Institute


  • A study of healthcare cyberattacks in over 30 countries shows the scale of the rising threat.
  • Ransomware attacks dominate the broadening scope of threats to healthcare providers.
  • More action is needed from actors in the sector, cybersecurity firms and governments to ensure access to healthcare.

It’s hard to imagine anything more cynical than holding a hospital to ransom, but that is exactly what’s happening with growing frequency. The healthcare sector is a popular target for cybercriminals. Unscrupulous attackers want data they can sell or use for blackmail, but their actions are putting lives at risk. A cyberattack on healthcare is more than an attack on computers. It is an attack on vulnerable people and the people who are involved in their care; this is well illustrated by the breadth of healthcare organizations, from hospitals to mental health facilities to pharmaceutical companies and diagnostic centres, targeted between June 2020 and September 2021.

Cyberattacks on healthcare have continued to plague the sector since the start of the COVID-19 pandemic. At the CyberPeace Institute, we have analyzed data on over 235 cyberattacks (excluding data breaches) against the healthcare sector across 33 countries. While this is a mere fraction of the full scale of such attacks, it provides an important indicator of the rising negative trend and its implications for access to critical care.

Over 10 million records have been stolen, of every type, including social security numbers, patient medical records, financial data, HIV test results and private details of medical donors. On average, 155,000 records are breached during an attack on the sector, and the number can be far higher, with some incidents reporting the breach of over 3 million records.

Poor bill of health

Ransomware attacks on the sector, where threat actors lock IT systems and demand payment to unlock them, have a direct impact on people. Patient care services are particularly vulnerable; their high dependence on technology combined with the critical nature of their daily operations means that ransomware attacks endanger lives. Imagine being in an ambulance that is diverted because a cyberattack has caused chaos at your local emergency department. This is not a hypothetical situation. We found that 15% of ransomware attacks led to patients being redirected to other facilities, 20% caused appointment cancellations, and some services were disrupted for nearly four months.

Ransomware attacks on the sector occurred at a rate of four incidents per week in the first half of 2021, and we know this is just the tip of the iceberg, as there is a significant absence of public reporting and available data in many regions. Threat actors are becoming more ruthless, often copying the data, and threatening to release it online unless they receive further payment.

Health records are low-risk, high-reward targets for cybercriminals – each record can fetch a high value on the underground market, and there is little chance of those responsible being caught. Criminal groups operate across a wide range of jurisdictions and regularly update their methods, yet we continue to see that attackers act with impunity.

Figure: Incidents over time by healthcare sub-sector. Image: CyberPeace Institute

Securing the right to healthcare

We can, and should, be doing better. The first step is with cybersecurity itself. Healthcare cybersecurity suffers from a general lack of human resources. More people need to be trained and deployed.

Software and security tools need to be secure by design. This means putting security considerations at the centre of the product, from the very beginning. Too often security options are added as a final step, which means they paper over inherent weaknesses and loopholes.

Healthcare organizations should also do more, particularly increasing their investment in cybersecurity to secure infrastructure, patch vulnerabilities and update systems, as well as building and maintaining the required level of cybersecurity awareness-raising and training of staff. Healthcare organizations also need to commit to due diligence and standard rules of incident handling.

But these matters are ultimately too big for individual organizations to solve alone. Governments must take proactive steps to protect the healthcare sector. They must raise the capacity of their national law enforcement agencies and judiciary to act in the event of extraterritorial cases so that threat actors are held to account. This requires the political will and international cooperation of governments, including for investigation and prosecution of threat actors.

One point of real concern from our analysis is that information about cyberattacks, such as ransomware incidents, is inadequate due to under-reporting and lack of documentation of attacks. Thus it is impossible to have a global view of the extent of cyberattacks against the healthcare sector. To build even a partial picture of such attacks, we had to access and aggregate the data that ransomware operators – the criminals – publish or leak online.

It is not acceptable that they are the significant source of information relating to cyber incidents and threats posed to the sector. We want to shift away from data published by or from malicious actors and encourage stronger reporting and transparency relating to cyberattacks by the healthcare sector to improve both the understanding of the threat and the ability to take appropriate action to reduce it.

Our analysis shows that 69% of countries for which we have recorded attacks have classified health as critical infrastructure. Healthcare must be recognized as critical infrastructure globally. Designation as critical infrastructure would ensure that the sector is part of national policies and plans to strengthen and maintain its functioning as critical to public health and safety.

Governments must enforce existing laws and norms of behaviour to crack down on threat actors. They should cooperate with each other to ensure that these laws are put into operation in order to tackle criminals that operate without borders. More should be done to technically attribute cyberattacks to identify which actors have carried out and/or enabled the attack.

Health is a fundamental human right. It is the responsibility of governments to lead the way in protecting healthcare. People need access to reliable, safe healthcare, and they should be able to access it without worrying about their privacy, safety and security.

What is the World Economic Forum doing on cybersecurity?

The World Economic Forum’s Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. We are an independent and impartial global platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors. We bridge the gap between cybersecurity experts and decision makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority.

Our community has three key priorities:

Strengthening Global Cooperation – to increase global cooperation between public and private stakeholders to foster a collective response to cybercrime and address key security challenges posed by barriers to cooperation.

Understanding Future Networks and Technology – to identify cybersecurity challenges and opportunities posed by new technologies, and accelerate forward-looking solutions.

Building Cyber Resilience – to develop and amplify scalable solutions to accelerate the adoption of best practices and increase cyber resilience.

Initiatives include building a partnership to address the global cyber enforcement gap through improving the efficiency and effectiveness of public-private collaboration in cybercrime investigations; equipping business decision makers and cybersecurity leaders with the tools necessary to govern cyber risks, protect business assets and investments from the impact of cyber-attacks; and enhancing cyber resilience across key industry sectors such as electricity, aviation and oil & gas. We also promote mission aligned initiatives championed by our partner organizations.

The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace, which aims to ensure digital peace and security and encourages signatories to protect individuals and infrastructure, to protect intellectual property, to cooperate in defense, and to refrain from doing harm.

For more information, please contact us.

We hope there is global recognition that the status quo is unacceptable and that we can all do more to prevent cyberattacks against healthcare, protect the victims of such attacks, and hold perpetrators to account.
