A seemingly new case of cyberattack on a hospital has emerged close on the heels of the severe cyberattack on the country’s top government-run hospital, All India Institute of Medical Sciences (AIIMS) last week.
Meanwhile, the server of All India Institute of Medical Sciences (AIIMS) Delhi remained hacked for more than a week. It is feared that the data of around 3-4 crore patients could have been compromised due to the breach. The India Computer Emergency Response Team (CERT-IN), Delhi Police, and Ministry of Home Affairs representatives are still examining the ransomware attack.
After AIIMS Delhi, another top hospital in the city Safdarjung Hospital had been hit by Cyber Attack, the severity being less than the AIIMS attack though. The officials said that unlike AIIMs cyberattack on Safdarjung Hospital was not ransomware attack and that the hospital's IP was blocked. According to the officials, the hospital runs OPD services manually therefore it had not been badly impacted.
Last year, Mahatma Gandhi Memorial (a trust-run) hospital in Mumbai was affected by a similar cyber-attack. The hospital administrators found their systems locked and noticed an encrypted message by the attackers demanding ransom in Bitcoins to unlock it.
As of last week, a homegrown cyber security firm claimed in a report on Friday that a data set belonging to Sree Saran Medical Center (SSMC) at Tirupur in Tamil Nadu is presently being sold on the dark web by a ‘threat actor with a high reputation’. The data set allegedly contains personal health and identifiable information of more than 150,000 patients who have been served by SSMC. However, the data is from between 2007 and 2011, said the security firm.
According to Researchers, there were more than 1 million cyber-attacks of various types across global healthcare sector. Of these, 278,000 attacks were reported in India alone.
Why are hospitals being targeted ?
Healthcare institutions handle massive quantities of personal and private data, which may be extremely useful to thieves and terrorist organisations. Hospitals, pharmacies, care centres, and other healthcare companies are therefore major targets for cybercriminals.
Healthcare businesses rarely take risks; on occasion, they require assistance investing in cutting-edge security systems, making them simple prey for sophisticated ransomware and other forms of cybercrime.
The COVID-19 epidemic has been used as a weapon by cybercriminals. In the previous five years, data breaches in the healthcare industry have increased, and when the pandemic struck in 2020, they increased by a staggering 42%. The healthcare industry was the target of 60% of all ransomware attacks recorded in 2020. Such circumstances are exploited by cybercriminals.
Which cyber threats put healthcare the most at risk?
Ransomware is the type of cyber-attack that healthcare institutions are particularly vulnerable to. Researchers discovered 68 healthcare ransomware infections globally between July and September of last year. In the United States, 60% of healthcare ransomware attacks happened, with medical facilities being the most commonly targeted.
According to researchers, ransomware will strike 38% of healthcare businesses globally in 2023. 64% of healthcare businesses indicated that cybercriminals had successfully encrypted data. Another 35% paid the ransom to get their data returned.
Phishing is one of the most widespread cyber risks across the board, affecting 81% of firms. Healthcare is no different, and phishing attacks are among the most widespread in the industry. Phishing may range from broad email efforts designed to fool employees into providing passwords to highly targeted tactics designed to extort bogus invoice payments.
During the height of the COVID-19 pandemic, phishing attacks rose by a staggering 220%. Email-related cyber-crime, including phishing attacks and business email compromise in the healthcare industry, rose by 42% in 2021.
How to tackle it ? Do we need more awareness and training ?
The general public and healthcare and pharma employees must be informed about modern day Cyber threats how to protect themselve from it. Cyber Attack is a significant threat to the virtual world. The right set of knowledge and information of these threats is not completely known by every individual, hence its imperative to conduct Cyber Security Awareness training and Simulation practices to gage the maturity of Cyber Awareness amongst individuals.