The digitalization of the healthcare system brings more challenges than anticipated. One of those challenges are cyberattacks, which have been classified as low priority threats. Now during a worldwide pandemic, the healthcare system has never been so necessary. However, it has also made the healthcare sector more vulnerable, which has attracted cyberattacks in growing numbers. Awareness is needed to attract investments and take actions into creating a more resilient digitalized healthcare sector.
The Covid-19 pandemic has shocked the global healthcare system. Doctors, nurses and researchers are working under constant pressure and demand. Unfortunately, on top of their daily work, they are now also under cyber-attack according to a report (2021) by the CyberPeace Institute.
Hidden Tolls
One of the crucial discoveries that the CyberPeace Institute exposes is the direct link that a cyber-attack has on human lives. From rerouting ambulances to delaying surgeries, hackers are playing with life or death at the click of a button. Apart from the physical harm caused by cyber-attacks, though, the psychological impacts are far greater. Patients, doctors and nurses sense an increase in stress and anxiety combined with a constant fear that a cyber-attack will occur again. Hospitals feel powerless due to a lack of control, and patients feel betrayed as their privacy has been breached. Society at large is scarred as well. With attacks involving the spreading of Covid-19 disinformation and stealing medical records, people start to distrust and even fear the system. There is also the financial burden that hospitals are left with after having suffered from a cyber-attack. These costs are not only associated with ransomware but also include lost medical equipment, re-training staff, and any damages caused to reputations.
Clear Vulnerability
The healthcare sector has always been a target due to financial and political incentives. These incentives have now been heightened as a result of the Covid-19 pandemic. The flaws of the healthcare system are as follows: (1) it contains valuable data; (2) it carries a responsibility to continue ‘business as usual’ even during a cyber-attack (which makes them easy bait for ransomware attacks); and (3) it is especially vulnerable to hackers due to the essential services it offers the public. Yet, the strongest motive for cyber-attackers is that the healthcare sector’s digital system is weak and lacks cybersecurity.
The healthcare sector’s weak digital framework results from an absence in incorporating one single digital system across different healthcare organizations. As a result, the different health organizations are left developing their own digital systems. The Covid-19 pandemic has accelerated this development and the risks that come with it. With 88% of questioned healthcare organizations allowing personal devices to be connected to the organizations’ network and 83% of medical devices running on systems without any form of cybersecurity, the healthcare sector leaves itself exposed to unsecure devices and a wider breach possibilities. Additionally, since cybersecurity is perceived and treated as a secondary concern for healthcare organizations, it lacks financial investments and personnel. The CyberPeace Institute’s report (2021) indicates that “An estimated 6% of US hospitals’ IT budget is allocated to Cybersecurity.” Because of the Covid-19 pandemic, working from remote and a rise in tele-healthcare have become the new norm. Together with the health sector’s already fragile digital infrastructure and underinvested cybersecurity, there is increased exposure and risk of cyber-attacks.
An Unfortunate Outcome
Empirical evidence regarding increased cyber-attacks on the healthcare organizations’ digital systems was announced by the European Medicines Agency (EMA) last December. The EMA painfully announced that its agency was successfully breached in a cyber-attack, in which data related to the Covid-19 vaccine of Pfizer and BioTech was stolen. Following this announcement, IBM’s cybersecurity department called ‘X-Force’ and the US Department of Homeland Security made revelations about multiple cyber-attacks on companies and government organizations that were distributing Covid-19 vaccines. The cyber-attacks targeted the vaccine’s distribution supply chain, preventing the vaccine from being received at safe temperatures.
The evidence of cyber-attacks on the health care sector is clear, and the negative impacts it has on society are immense. As a result of the Covid-19 pandemic, the healthcare sector has been a target like never before. The value of Covid-19 related data is both financially and politically increased due to this global crisis. Hackers have incentives to spread disinformation through stealing and manipulating data regarding the development of Covid-19 vaccines. It follows that hackers will take advantage of healthcare organizations’ weak digital systems, as they are now even more fragile due to tele-healthcare and remote working conditions. Disrupting supply chains related to the Covid-19 vaccine distributions, is also proven as a method for hackers to attack the healthcare system. It is therefore essential that more awareness, investments and actions need to be taken to creating a more resilient digital infrastructure for healthcare organizations.
