These past years have seen a significant increase in data breaches and cybersecurity incidents, with businesses and governments coming under ever-increasing threats from malicious threat actors, intent on finding new and inventive ways to exploit weaknesses. In this blog, we look back at one of the most significant attacks in 2021 in the healthcare sector; the ransomware attack on Ireland’s HSE (Health Services system) and explore how organisations can benefit from strategic investments in cyber risk and incident management software.
Over the past year, ransomware attacks have disrupted a wide range of organisations, including healthcare, schools, fuel pipelines and food suppliers. This has resulted in significant disruptions to public health, education, supply chains as well as having a broader social and economic impact.
Cybersecurity incidents have been increasing year on year and has further accelerated during the COVID-19 pandemic. The sudden shift in the way we work has meant that a significant portion of the global workforce moved to decentralised systems, cloud computing, and remote devices. This caused major problems for cybersecurity professionals as they tried to secure a new remote workforce and protect data and information.
With October marking cybersecurity awareness month, we are looking back at one of the most significant cyber-attacks on a national healthcare system, the ransomware attack on Ireland’s HSE, that according to University College Dublin cybersecurity expert, Jan Carroll “made everyone take cybersecurity seriously”.
In May 2021, Ireland’s Safety Executive was forced to shut down its entire IT system following a crippling ransomware attack, focused on accessing data stored on its central servers. Staff scrambled to deal with the situation by reverting to a paper-based system. In some areas, the number of appointments dropped by almost 80% in the days after the attack. Cobalt strike beacon, a tool that gives remote access to hackers was found in the HSE’s IT systems. This enabled the threat actors to move within the computer and execute their malware. The hackers deployed a form of ransomware known as Conti, which NHS Digital defined as an advanced tool that affects all Microsoft Windows versions and uses a unique routine to identify and encrypt files rapidly.
Outside of the cyber-attack on Ireland’s HSE, other developments in the industry have led to heightened awareness of the vital nature of cybersecurity in healthcare. Becker’s Hospital Review estimates that data breaches cost the global health care industry approximately US$5.6 billion every year.
Rapid advances in medical devices, mobile technology, evolving government regulations, and transformation in the way care is delivered and consumed – have come together to create an environment of complexity and vulnerability in the healthcare sector. Healthcare organisations are especially susceptible to ransomware due to the critical nature of the care provided, and reliance on up-to-date confidential patient information. Without quick access to drug histories and surgery directives, patient care risks getting delayed or worse coming to a complete halt. This means these organisations are seen by cyber criminals as more likely to pay ransom demands in order to secure patient care and privacy.
A keynote speaker at Ireland’s 2021 Smart Health Summit, Digital Health Lead, Dr. Saira Ghafur, from the Institute of Global Health Innovation at the Imperial College London noted that over the past 18 months cyber-attacks have become more and more serious, evolving from amateur hacking to state-sponsored sophisticated activities, with malicious attackers exploiting the disruption caused by attacks in the healthcare sector.
In 2017, the WannaCry ransomware attack that took down to the United Kingdom’s National Service was a huge wake – up call for healthcare organisations around world, and seriously illuminated the very urgent need to make proactive investments in cyber security in the industry.
Healthcare organisations are a particularly inviting target for financially motivated threat actors, given the broad attack surface that makes it easy for cyber criminals to find vulnerabilities and monetise their exploits.
organisations with a consistent view of how all risks, including cyber and IT, are maintained and controlled; a simplified approach to compliance across key regulatory frameworks related to information security; and the ability to respond to cyber and IT breaches quickly to keep key stakeholders informed. “
Camms.Risk is an agile, feature-rich, and powerful software solution that provides critical insights and decision-making in a fast-paced, ever-changing business environment. To learn more about how we can help your organisation manage risk, including cyber and IT risks, request a no obligations demo today.