What are the threats to cybersecurity in the healthcare sector?
According to the European Union’s cybersecurity agency (ENISA), between January 2021 and March 2023 in Europe, the majority of incidents affecting the healthcare sector targeted healthcare providers (53% of incidents) and particularly hospitals (42% of incidents).
Ransomware is one of the main threats (54% of incidents), both in terms of number of incidents and their impact on organizations, and this trend is set to continue. In addition, it should be noted that 43% of ransomware incidents are coupled with a data breach or theft.
“For the past five years, the threat most feared by hospitals has been cybercrime, particularly ransomware. They block all or part of an information system, making services inoperable. In addition to blocking the information system, the hackers exfiltrate the data and demand a ransom to prevent disclosure. It’s a double whammy: the hospital can no longer function, and the confidentiality of patient data is compromised.
The vulnerabilities identified within healthcare facilities make them targets for attackers who try their luck as soon as they find a breach, and these breaches can be linked to poor IT hygiene. It is therefore urgent to implement all the best practices that will help hospitals to get rid of their status as privileged targets for low-cost scams.”
Vincent Trely, President of the Association for Healthcare Information Systems Security (APSSIS).
The impact of cyberattacks in the healthcare sector
In terms of impact, according to ENISA, incidents observed between January 2021 and March 2023 in Europe mainly caused:
- data breaches or theft (43%),
- disruptions to healthcare services (22%).
In recent years, incidents affecting hospitals have multiplied, forcing them to operate in degraded mode for periods that can extend over several months. The consequences for patients can be severe, and it may then require them to be transferred to other hospitals. These attacks also damage the reputation of targeted organizations, especially if patients’ personal data are involved.
“In 2024, almost 100% of a hospital’s functions will be digitized. So when a hospital is attacked, the major problem is not only the leakage of patient data, but also the unavailability of services.
Once the cyber-attack is over, it can take months to rebuild the information system. One year after an attack, a hospital that could provide around 60 chemotherapies a day was forced to reduce this rate by 75% – a situation that obviously has consequences for patient care. An attack has repercussions far beyond workstations and servers!”
Vincent Trely, APSSIS President
Taking cyber risks into account for healthcare facilities
The ENISA study mentioned earlier reveals that:
- only 27% of healthcare organizations surveyed have a ransomware defense program,
- and 40% have no security awareness program for business teams.
Finally, another study by the NIS Cooperation Group mentions that:
- 95% of healthcare organizations surveyed face difficulties when assessing risks,
- and 46% have never even carried out a risk analysis!
The sector’s cybersecurity needs are obvious.
“Since the 2000s, the healthcare sector has been energized and helped to deploy numerous IT solutions for business teams. This has happened very quickly, and sometimes to the detriment of cybersecurity.
Today, a hospital may have between 250 and 300 software applications, and all this architecture needs to be secured within budgetary constraints. Securing an information system in this context is a major challenge.
Security measures are essential for a healthcare facility, and we must be able to dispel the preconceived notion that they represent an obstacle. One of the roles of CISOs is to understand the needs of information system users, by meeting with them in person to understand their uses and propose an appropriate strategy. The aim of this approach is to educate people about cybersecurity issues, and to reassure them that security systems are compatible with the daily missions of caregivers.”
Vincent Trely, APSSIS President
Healthcare: how to protect against cyber threats?
With the aim of accelerating the protection and resilience of healthcare facilities, the French Ministry of Health and Prevention has set up a program named CaRE (Cybersecurity Acceleration and Resilience of Establishments). This program has a dual objective:
- to prevent attacks from succeeding,
- to enable establishments to recover as quickly as possible.
It is an ambitious action plan for years 2023 – 2027, divided into 4 areas:
- Governance and resilience
- Resources and sharing
- Raising awareness
- Operational security
“I recommend that all healthcare establishments follow the measures from the CaRE program, which address the challenges of an effective and comprehensive cybersecurity strategy.
The priorities, in my view, are to carry out a risk analysis, map the information system, invest in protection tools (data backup tools, EDR, EPP); but also to reinforce directory protection (Active Directory, etc.), control access rights to the information system, keep the installed base up to date, and carry out regular crisis exercises. In addition to the CaRE program, the European NIS2 directive will reinforce compliance requirements in terms of cybersecurity.”
Vincent Trely, APSSIS President
Cybersecurity: EDR to meet the needs of healthcare facilities
Among the measures to be put in place, the CaRE program recommends supervising all endpoints. The aim is to be able to identify intrusions or attempted intrusions as early as possible.
With this in mind, EDR is one of the essential tools for detecting and responding to threats. In addition, it provides an overall and detailed view of information system activity, and it enables to react to security events (behavior or suspicious files) and investigate them effectively.
It aims both to detect known and unknown threats (notably with the help of AI), and to provide a maximum amount of information to dispel doubts in the event of a security event.
It’s a strong ally for healthcare facilities’ security teams and IT departments!
Before you buy, here are the criteria you need to evaluate as a priority:
- support of operating systems, which must be as broad as possible (OS and versions), as a hospital’s IT fleet is generally heterogeneous,
- the ability to detect both known and unknown threats from virus databases,
- preservation of endpoints performance, even when they are not very powerful,
- EDR interoperability with other solutions already deployed on the IT fleet,
- easy integration with other security tools,
- the fact that detection rules are customizable and in standard formats (e.g., YARA / Sigma), and the possibility of integrating indicators of compromise (IOCs), to facilitate the work of cybersecurity experts.
These are essential criterias for healthcare establishments, whose IT environments are often complex, including critical equipment, and whose attack surface is significant.
In short, EDR performance and its ability to integrate into an IT infrastructure without disrupting business uses are crucial – particularly for mission-critical applications, or imaging or medical biology equipment that must be able to work in all circumstances.
How does HarfangLab EDR meet the cybersecurity challenges
of healthcare facilties? Read about the experience of Brest University Hospital: