The health industry is one of the most vulnerable industries in cyberspace: it usually lacks certain security standards for confidential data and is exposed to cybercriminals because of its increased dependency on digital platforms. Moreover, these vulnerabilities could also affect the life of any patient.
One life-threatening risk that is becoming prevalent among cybercriminals is modifying a patient’s information on medical devices by injecting malware, which leads to the wrong treatment of the patient. And in today’s commercial world, personal health information is worth far more than financial information. The need has therefore arisen to secure the overall data of the health industry and to protect health institutions from prevailing cyber attacks.
Nevertheless, there are several risks associated with the automated or digital mechanisms used to treat patients and with the innovative control systems used to run health institutions efficiently. Some of the risks associated with the health industry, and ways to mitigate them, are described below.
Recent Trend and Cases of Cyber Attacks on the Health Sector in India
As per data generated and released by the cybersecurity think tank CyberPeace Foundation itself, around 1.9 million cyberattack incidents occurred this year, i.e., up to November 28, 2022. A total of 41,181 unique IP addresses traced to Vietnam, Pakistan, and China were used to execute these attacks.
- All India Institute of Medical Sciences (AIIMS), New Delhi: AIIMS, Delhi was hit by a ransomware attack on November 23, 2022, which forced it to shut down all its servers and rely on manual operations.
- Attack on ICMR website: Just after the attack on AIIMS, one more cyber incident occurred on the website of ICMR, one of the apex bodies in medical research. According to one government official from the National Informatics Centre (NIC), cyber attackers attempted to attack 6000 times within 24 hours on 30th November, 2022. Most of these attacks came from blacklisted IP addresses based in Hong Kong.
- COVID-19 test results of Indian patients leaked online: During COVID, patients’ lab test results that were uploaded to government websites and were not meant to be accessed by the public were leaked by cybercriminals. Data such as patients’ names, dates of birth, reporting centres, test results, etc. were made public through the content delivery network (CDN).
- Sree Saran Medical Centre cyber attack, Tamil Nadu: As per the analysis and report of CloudSEK, the personal health information of around 150k patients from this hospital based in Tamil Nadu was compromised and put up for sale on the dark web. According to the CloudSEK report, the compromised data includes names, birth dates, doctors’ names, and guardians’ names. However, this claim was totally negated by the chairman of the hospital. The fact is that CloudSEK researchers, in their investigation, used doctors’ names in order to identify the actual name of the
Reasons for the healthcare sector becoming vulnerable in cyberspace
- Data stored on digital platforms: Although digital data has its own benefits, it also gives cybercriminals easy access.
- Outdated and internet-connected devices: The majority of health institutions are not concerned with updating their devices with features such as the discovery or disclosure of vulnerabilities, or with maintaining best security practices in their systems. At the same time, medical professionals rely totally on these devices to monitor their patients regardless of the situation, which could affect the patient’s health, and thus become easy and effective targets for
- Petty corruption: Internal employees or staff have access to the organization’s data stored in the control systems and to patients’ data stored in medical devices. Employees with malicious intentions could misuse this access to the data.
- External threat: External threats are the major reason the health sector is vulnerable in cyberspace. Examples of external threats are data breaches, ransomware attacks, spear phishing and Business Email Compromise (BEC), and Distributed Denial-of-Service attacks.
External and Internal threats in cyberspace
- External threats
  - Ransomware attack: In this type of cyber attack, data crucial for the patient’s treatment is first encrypted, and the cybercriminals then demand money to decrypt it. The whole process makes it difficult to manage the health of the patient.
  - Data breach: Data breaches are becoming common in the health industry because this information is the most sought after by hackers these days, as it is worth more than financial information on the black market.
  - Spear phishing and Business Email Compromise (BEC): Both methods are used to gain access to a health institution’s networks, either by sending phishing emails to employees or by building trust among employees through seemingly genuine mail, which the hackers then exploit to gain access to the networks.
  - Distributed Denial-of-Service (DDoS) attacks: This type of attack attempts to disrupt normal incoming traffic on the network by targeting the whole service or server through a botnet created by the cybercriminals, making it difficult to provide service on these networks as usual.
- Internal threats
  - Internal employees with malicious intent: In this situation, the integrity and confidentiality of a health institution’s valuable information could be compromised easily, because the attack does not come from any external source but from malicious insiders of the organization itself. Moreover, they have access to the systems or medical devices, which makes it all the more likely that they can make malicious modifications to either patients’ information or the organization’s data.
  - Lack of security awareness: Generally, employees in the health sector are not aware of, or educated to adopt, best security practices in the organization, and this enables cybercriminals to leverage this particular gap. In other words, this unawareness among employees creates more cybersecurity risks in these health institutions.
Ways to mitigate these risks
- Implementing vulnerability discovery or disclosure systems in all medical devices and software used in the healthcare sector.
- Making all employees working in the organization aware of cybersecurity best practices, such as critically checking emails before opening them, not opening unprotected or unsecured websites, and keeping operating systems updated,
- Conducting regular cybersecurity risk assessments, just like any other organization that adopts best cybersecurity practices.
The health sector is one of the most vulnerable sectors in cyberspace, and this is becoming more evident from the number and nature of the incidents that have taken place in recent years. These incidents are capable of affecting not only the organization’s health but also the patient’s health. The concerning part is that an Israel-based researcher invented a virus that could be injected into MRI and CT scans to appear as tumors. This malware could fool doctors and is capable of causing the wrong diagnosis of patients. Health institutions should therefore now make cybersecurity the top priority, to prevent these types of risks and ultimately to secure the patient’s well-being.
Maintaining the best cyber hygiene and security practices requires huge investment, and this is the major constraint or challenge for health institutions (whether privately or government owned) because of low budgets. First, the government should make a stringent law on cybersecurity so that health institutions become more serious about putting best cybersecurity practices in place; then it should plan out, with business leaders, cyber experts, and medical scientists, innovative solutions to address the issue of cybersecurity in the healthcare sector.
Author: Mr. Ishan Kumar Rai, Intern, CyberPeace Foundation