The healthcare industry has seen a series of cyberattacks and data breaches exacerbated by the global pandemic. How can we ensure that patient data is protected in all forms?
by Justin Loh
The healthcare industry has recently been plagued by a surge in cybersecurity-related problems with ransomware attacks taking centre stage. Such attacks compromise the integrity of healthcare systems, with implications spanning from breach of patients’ data privacy, financial loss, and reputational damage.
Due to their heavy reliance on data, healthcare organisations fall short in their ability to provide timely care and treatment for patients when access to critical electronic medical records, monitoring systems, and devices are held hostage. This poses a great risk at the cost of patient lives.
Healthcare Industry Prime Target for Cybercrime
Healthcare data has increasingly become a prime target for cybercriminals in the black market due to its lucrative nature. With the priority put on keeping operations, especially when hospitals are under immense pressure to allocate resources across competing functions, data protection and security measures often fell by the wayside. It does not help that the hackers have worked tirelessly for greater exploit, further exacerbating the vulnerabilities of the healthcare data systems. The healthcare industry must pay heed to the growing cyber and ransomware threats or risk security fallout.
It is challenging for healthcare organisations to monitor, access, and protect their data as clinical systems are complex, often consisting of multiple databases, applications, storage arrays, and data centres. At the same time, there is a need to ensure regulatory compliance while securely protecting patient data in all forms, and ensuring clinical data is always available for use.
To deliver enhanced quality care at a faster pace, the healthcare industry is adopting smart technologies like artificial intelligence and machine learning to support the ever-growing demand for healthcare services. While these new technologies help to deliver connected healthcare services, the healthcare staff might not have the time and expertise to understand the associated IT risks – they simply need the devices to work. With outdated IT security protocols and fragmented systems, healthcare organisations are susceptible to data breaches and cyberattacks.
Growing Ransomware Threat
The global pandemic has further accelerated the surge in cyberattacks and ransomware, with cybercriminals taking advantage of the chaos to perpetuate their malicious cyber activities. In the race against time to tackle the unexpected emergence of new variants while ensuring operational continuity, hospitals and other medical facilities cannot afford to be locked out of their systems and are more likely to pay the ransom.
Our Veritas Ransomware Resiliency Report1 found that 79 per cent of healthcare organisations who experienced an attack paid at least part of the ransom. With the rapid adoption of frontier technologies and IT services, many healthcare facilities often fail to also adopt the necessary network infrastructure and other critical IT resources needed to tackle possible cyber threats. As a result, hackers have exploited these vulnerabilities to unleash attacks on healthcare organisations, posing severe data privacy breaches or at its worst, a dire situation with life-or-death consequences.
For example, Singapore experienced a massive ransomware attack on a private eye clinic2 in August 2021, where hackers got hold of nearly 73,500 patients’ data and personal information. In 2020 alone, the Cyber Security Agency of Singapore (CSA) received 89 ransomware cases,3 including cases from the healthcare sector. This marked a 154 per cent rise from the 35 cases reported in 2019.
In the eyes of these hackers, medical records hold greater value than credit card details as they contain a wealth of information that can be used to file fraudulent insurance claims, tax refund claims, and advanced identity theft. Moreover, mobile healthcare devices and connected healthcare delivery systems rendered healthcare data more vulnerable to such breaches. With healthcare organisations in Singapore embarking on digitalisation, cybercriminals are devising more effective ways to breach security measures.
Securing Valuable Data as Ransomware Looms Large Over Healthcare Industry
According to Veritas’ Ransomware Resiliency Report,4 organisations face approximately five to 10 days of disruption on average when hit with a ransomware attack. Additionally, recent research5 also revealed that in Singapore, cloud technology (63 per cent) and security (53 per cent) are the most common reported gaps existing in our respondents’ IT strategies that leave them vulnerable to cyberattacks.
There is no easy or convenient solution when it comes to securing healthcare data. To bolster their security posture, healthcare organisations can consider the following best practices:
- Implementing a comprehensive and robust data protection solution that is best fit for continued compliance and resilience;
- Encrypting backups to provide immutable copies that would protect both the patients and the organisation from exposure, such as in the event of a ransomware attack;
- Leveraging a resilient and intelligent platform that can perform automated recovery that is crucial for the effective restoration of complex, multi-tier electronic medical records and clinical applications;
- Full data visibility – knowing where their critical information is located, classifying data according to tiers for appropriate access and protection; and
- Training all healthcare professionals on the policies and tools related to proper information sharing, data usage, and security compliance as the lack of cybersecurity awareness is one of the key challenges that expose them to increased cyber risks.
More Than Just an Attack on Systems and Networks
There is no panacea for cyberattacks. Some of the biggest organisations have fallen victim to cybercrime, time and again, even with the most robust security solutions. The healthcare industry must tackle the core issue of cybersecurity by instilling effective ransomware resiliency plans and data protection solutions that are up to speed. This gives them the best chance at regaining control of their data while maintaining patients’ trust without engaging the hacker.
With the healthcare sector providing life-saving services, it is imperative that they work with a trusted partner to secure and protect their most valued patient and clinical data. As the cyberthreat landscape continues to evolve rapidly, cyber hygiene must also be regarded as a basic component of a well-functioning healthcare system as there is too much at stake once it is compromised.
- Veritas. (2020). The 2020 Ransomware Resiliency Report. Veritas. Retrieved from https://www.veritas.com/content/dam/Veritas/docs/ebook/V1117_GA_EB_2020-ransomware-resiliency-report_JP.pdf
- Chee, K. (2021, August 25). Nearly 73,500 patients’ data affected in ransomware attack on eye clinic in S’pore. The Straits Times. Retrieved from https://www.straitstimes.com/tech/tech-news/nearly-73500-patients-data-affected-in-ransomware-attack-on-eye-clinic-in-spore
- Hani, A. (2021, August 17). Strengthening Cybersecurity in Singapore’s Healthcare Sector. OpenGov Asia. Retrieved from https://opengovasia.com/strengthening-cybersecurity-in-singapores-healthcare-sector-during-covid-19/
- Veritas. (2020, November 17). The resiliency gap widens: Failure to keep pace with complexity in multi-cloud environments leaves businesses at risk of ransomware, finds Veritas Survey. Veritas. Retrieved from https://www.veritas.com/news-releases/2020-11-17-the-resiliency-gap-widens-failure-to-keep-pace-with-complexity-in-multi-cloud-environments-leaves-businesses-at-risk-of-ransomware-finds-veritas-survey
- Veritas. (2021). The Vulnerability Lag. Veritas. Retrieved from https://www.veritas.com/content/dam/Veritas/docs/reports/GA_ENT_AR_Veritas-Vulnerability-Gap-Report-Global_V1414.pdf
About the Author
Justin Loh, Country Director for Singapore, Veritas Technologies
As the country director for Veritas’ Singapore operations, Justin Loh is responsible for leading Veritas’ overall business strategy, sales operations and continuous growth in Singapore. Prior to Veritas, Justin was the general manager at Adura Cyber Security where he led the consulting services businesses across Singapore and Hong Kong.