They hold personal sensitive information that criminals want either to enable further crimes or to hold for ransom. But workers also need remote access to this sensitive information and frequently use cutting edge medical device technology which might not be as secure as they could be, both of which increases the risk of a successful attack.
According to a study by Obrela Security Industries, 81% of healthcare organisations suffered a ransomware attack in the last year. The survey of 100 cybersecurity managers found that 38% paid the ransom to get their files back, while 44% didn’t pay and lost their data.
64% of organisations had to cancel their in-person appointments due to a cyber-attack while 65% believe that a cyber-attack on their systems could lead to a loss of life.
IBM’s X-Force Threat Intelligence Index 2022 stated as well although ransomware was the top threat, Business Email Compromise accounted for 25% of attacks.
IBM found that vulnerability exploitation was the top way that cyber criminals gained access to systems (59% of attacks) followed by phishing (29%) and the use of stolen credentials (14%).
The war in Ukraine sparked the NHS England (NHSE) chief operating officer, Sir David Sloman, to advise trusts to ensure their IT systems were “patched and protected, and that immutable backups are in place”. But are smaller providers doing likewise? According to Cirrus, the healthcare sector is particularly susceptible to supply chain attacks, with suppliers being an easier route for attackers to gain access to a more lucrative target. This demonstrates that cyber-attacks can and do affect all sizes of organisation.
If you’re a small healthcare provider, make sure you are not the weak link in the supply chain.
The ECRC is a police-led, not for profit organisation which companies can join for free.
Our core membership provides:
· Threat alerts both regionally and nationally
· Signposting to free tools and resources from both Policing and the NCSC
· Little steps programme – series of weekly emails which aligns to cyber essentials looking at bite-sized practical information to build cyber resilience
Click to Open Code Editor