The healthcare sector is in the midst of a pressing cybersecurity crisis. With a recent string of high-profile incidents, from Advanced health systems to the University of Manchester, alongside numerous NHS Trusts, there has been a constant stream of breaches over the last year. Only this summer, we witnessed one of the worst cyberattack cases in healthcare to date, with more than 70 terabytes of sensitive data stolen from Barts Health NHS Trust, the UK’s largest NHS Trust.
These are not isolated incidents but part of an alarming trend threatening all healthcare providers and adjacent organisations. Claroty’s Global Healthcare Cybersecurity Study 2023 found that 78% of healthcare organisations experienced at least one cyberattack in the past year. These incidents often come with a hefty price tag and, more alarmingly, a significant impact on patient care.
One of the key factors driving the rise of cyberattacks in healthcare is the increased reliance on cyber-physical systems and the convergence of IT and operational technology (OT) networks.
Here, we discuss the impact of these attacks on providers and patients and how the sector can better secure its infrastructure to mitigate these risks.
The current state of healthcare cybersecurity
Healthcare is a prime target for opportunistic criminal gangs who are seeking an easy payday through two broad goals: to get hold of sensitive data and cause mass disruption.
First, attackers will seek to steal sensitive patient records, staff information, and financial data. Protected health information (PHI) has long been a commodity on the dark web and is a popular resource for criminals, facilitating targeted attacks, fraud, and blackmail. Of the organisations experiencing an incident over the last year in our report, 30% reported PHI being compromised.
Additionally, attacks are increasingly centred around causing disruption, particularly via ransomware. We found over 60% of incidents involved disrupted care delivery. Ransomware has become a growing problem for all industries, but healthcare is uniquely vulnerable as disruption can quickly put patients at risk – a fact criminals will exploit as leverage for bigger ransom demands.
The prevalence of cyber-physical systems further increases the risks around ransomware. The average front-end healthcare provider has a growing Extended Internet of Things (xIoT) network encompassing everything from standard HVAC and security systems to specialised connected medical devices such as heart rate monitors and automated insulin pumps. Each connected asset presents threat actors with another potential entry point and increases the impact of a disruptive attack.
The many impacts of a healthcare cyberattack
The impact of a cyberattack in healthcare is multi-faceted, affecting finances, operations, and patient care. Financially, immediate costs like ransom payments and remediation activity are just the tip of the iceberg. Our study reveals that over a third of affected organisations saw attack costs exceed $1 million.
Operational downtime is a significant cost driver, and we found that 60% of incidents had a moderate to substantial impact on operations. Attacks on critical IT systems such as record databases and appointment management can cause widespread disruption and cancellations.
An attack in August caused severe disruption to hospitals across five US states, with some being forced to close emergency rooms and divert ambulances. An attack on a French hospital last year resulted in multiple operations being cancelled, with some neonatal and intensive care patients being urgently transferred to other facilities.
Incidents like these that directly risk patient safety are the greatest concern. 15% of incidents we assessed had severe repercussions, potentially compromising patient health. When cyber-physical systems like medical devices are affected, the risks can quickly escalate, even leading to potentially life-threatening situations.
Why medical technology elevates the cyber risk
Cyber-physical systems, from medical devices to building management systems, are integral to healthcare but also pose significant cybersecurity risks – 47% of incidents in our study affected these systems.
There are two issues at play here. First, when these systems are compromised, the consequences can be catastrophic. In a worst-case scenario, a cyberattack on a healthcare device, like an infusion pump, could lead to incorrect medication dosages, posing life-threatening risks to patients. But even simply rendering a device temporarily unavailable can cause delays and cancellations.
The second issue lies in the interconnected nature of these systems. As well as being vulnerable to disruption, a healthcare provider’s extended IoT (xIoT) also serves as a security weak point. These systems are often linked to broader healthcare networks, making them potential entry points for attackers aiming to disrupt operations or access sensitive data.
Addressing the risks associated with cyber-physical systems is a critical component of a comprehensive healthcare cybersecurity strategy. It requires a multi-layered approach that includes regular vulnerability assessments, robust authentication protocols, and ongoing staff training.
The critical steps to a resilient healthcare environment
Building cyber resilience in healthcare is not a one-off task but a continuous effort that involves people, processes, and technologies. Claroty’s study indicates that 51% of healthcare organisations have increased their security budgets, signalling a shift towards prioritising cybersecurity.
The most important priority is to gain full visibility into all connected devices in the clinical environment. Security is impossible without seeing and understanding everything on the system. That said, this can be a monumental task without the right tools, as healthcare organisations are likely to have large numbers of cyber-physical systems, brought in over multiple years and scattered across their facilities.
Organisations will likely need multiple, flexible discovery methods to identify and manage their asset inventory fully. A highly automated approach is essential here, as manual discovery will be long and arduous.
Once all connected devices are accounted for, properly integrating them into the existing IT security stack is the next step. Existing IT security controls and governance must be extended to cover all cyber-physical systems to address gaps and blind spots before they can be exploited in an attack.
Finally, network segmentation is an extremely powerful tool for securing connected medical technology. Segregating cyber-physical systems can reduce the risk of threat actors using them as a gateway into the network, minimising the impact on medical assets during a breach.
Skills and leadership are essential, too
Technological solutions are vital but have to go hand in hand with robust processes and a skilled workforce. This can be challenging due to the ongoing cyber skills drought – we found most healthcare organisations are actively looking to hire cybersecurity professionals but are struggling to find qualified candidates. An increased use of automated security tools and outsourcing to specialist providers can be a good starting point to overcome these challenges.
A sound security strategy starts at the top, and leadership plays a pivotal role. The good news is that 78% of organisations have clear leadership in place around medical device security, usually centralised under IT security. This centralised approach aids in streamlining cybersecurity measures across various departments.
Healthcare organisations must act now to bolster their cybersecurity posture. The price of inaction is simply too steep – not only in financial terms, but more crucially, in the risks it poses to human lives.
For the best chance to protect their patients from cyber threats, healthcare providers must prioritise gaining full visibility and understanding of their IT infrastructure. Only with this foundational knowledge can they begin to identify gaps and effectively implement security tools like network segmentation.
A strong cybersecurity posture isn’t just about shielding against financial setbacks; it’s about safeguarding the very heart of healthcare: the well-being and safety of patients.
By Ty Greenhalgh, Healthcare Industry Principal at Claroty