Cyberattacks on hospitals: Encrypted data
When hackers encrypt a hospital's data, it usually means it has been hit with ransomware. This type of malware blocks access to a hospital's own computer systems and data until a ransom is paid. If a hospital can't access patient records, appointment schedules, or medical equipment controls, that's a big problem.
What does this mean for the hospital?
Hospitals face the following challenges:
- Disruption of patient care: Doctors and nurses are unable to access critical patient information, such as medical history, allergies, or current medications, which can put patients at risk.
- Cancellation of appointments and surgeries: Without functioning systems, scheduling and performing work is impossible, leading to delays or cancellations of essential medical procedures.
- Financial costs: Hospitals face recovery costs, potential ransom payments, and reputational damage.
- Risk of data leakage: Even if data is recovered, there is a risk that patient data may have been stolen before or during the encryption process, leading to privacy concerns.
What happens next?
Hospitals typically have several options, none of which are ideal:
- Pay the ransom: While this may be the fastest way to regain access, there is no guarantee that the hackers will decrypt the data, and it may encourage future attacks. Law enforcement often recommends against paying the ransom.
- Restore from backups: If the hospital has robust, uninfected backups, it can restore its systems. This can be a time-consuming process, but it is generally the most recommended approach.
- Rebuild systems: In the worst-case scenario, if backups are unavailable or are also compromised, the hospital may have to rebuild its entire IT infrastructure from scratch, which is a huge task.
These attacks highlight the urgent need for strong cybersecurity in healthcare facilities and for protecting patient data.
How to prevent cyberattacks in hospitals
A comprehensive approach is needed to prevent cyberattacks such as ransomware, especially in a sensitive environment like a hospital. This includes not only technical measures, but also staff training and thorough planning.
Key preventive measures for hospitals:
Prevention is the basis for both avoiding the problem and successfully resolving the attack.
1. Regular and robust data backups:
- Backups: This is the absolute foundation. Data backups should be created regularly and stored in a separate, secure location. Ideally, offline backups that are completely disconnected from the network should also be kept. At a minimum, backups must be stored in a different geographic location and secured so that nobody reaching them from the Internet or the internal network can modify or delete them.
- Recovery Testing: It is not enough to just back up; you also need to regularly test whether the data can actually be restored from the backups and whether it is intact.
- Backup Versioning: Have multiple backup versions (e.g. daily, weekly, monthly) so that you can revert to data from before the compromise.
2. Staff Education and Training (Cyber Hygiene):
- Phishing Attacks: Employees are often the weakest link. Regular training should cover phishing emails and fraudulent links and how to recognize them. Staff should know not to click on suspicious links or open attachments from unknown sources.
- Strong passwords and two-factor (2FA) or multi-factor authentication (MFA): Use complex, unique passwords for each system and add a second factor; together these make unauthorized access much more difficult. Use the Bitwarden password manager to store passwords; this increases security and is convenient for users.
- Caution on public Wi-Fi and use of a VPN: A VPN (virtual private network) is recommended to encrypt traffic when working outside the secure hospital network.
3. Technical measures and infrastructure:
- Software and systems updates (Patch Management): Regular and timely installation of security updates and patches on all operating systems, applications and medical devices is crucial. Attackers often exploit known vulnerabilities.
- Firewalls and intrusion detection/prevention systems (IDS/IPS): Properly configured firewalls and IDS/IPS systems help monitor network traffic and block suspicious activities.
- Antivirus and antimalware protection: Keep antivirus and antimalware programs up-to-date and effective on all devices.
- Network segmentation: Dividing your network into smaller, isolated segments can limit the spread of an attack if it occurs. For example, separate office networks from those carrying critical healthcare systems.
- Access Control (Principle of Least Privilege): Ensure that users only have access to the data and systems they absolutely need to do their job.
- Data Encryption: Sensitive data such as patient records should be encrypted both at rest (in storage) and in transit.
- Network Monitoring: Continuously monitor network traffic and systems to detect anomalies and suspicious activity.
4. Incident Planning and Response:
- Incident Response Plan: Have a detailed and tested plan in case of a cyberattack. This should include steps for detection, containment, eradication, recovery and learning from the incident.
- Crisis management: Integrate cybersecurity into the hospital’s overall crisis management plan.
- Collaboration: Cooperate with the National Cyber and Information Security Authority (NCISA) and other relevant authorities and organisations to share information on threats.
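The network monitoring point in item 3 and the detection step of the incident response plan in item 4 need concrete logic behind them. As an added example that is not from the original article, the following Python runs over constructed file-server audit lines and flags a user account that rewrites many files within one short window, almost all gaining the same new extension, which is the trace an encrypting process leaves; the log format, thresholds and every entry are assumptions made for this illustration.

```python
"""Added example (not from the article): flag a user whose file-server
activity looks like mass encryption, i.e. many files written or renamed
within one short window, almost all ending in the same new extension.
The log format and all entries below are constructed for this illustration."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
import os

# Fields: timestamp user operation path (constructed sample)
SAMPLE_LOG = """\
2024-03-15T02:14:01 nurse01 WRITE /shares/records/patient_1001.pdf.locked
2024-03-15T02:14:01 nurse01 DELETE /shares/records/patient_1001.pdf
2024-03-15T02:14:02 nurse01 WRITE /shares/records/patient_1002.pdf.locked
2024-03-15T02:14:03 nurse01 WRITE /shares/records/patient_1003.pdf.locked
2024-03-15T02:14:04 nurse01 WRITE /shares/records/patient_1004.pdf.locked
2024-03-15T02:14:05 nurse01 WRITE /shares/records/patient_1005.pdf.locked
2024-03-15T09:30:00 drlee WRITE /shares/records/patient_1500.pdf
2024-03-15T09:41:12 drlee WRITE /shares/records/patient_1501.pdf
"""


def find_suspicious_users(log_text, window=timedelta(seconds=60),
                          min_files=5, min_ext_share=0.8):
    """Return {user: {"files": n, "extension": ext}} for every user with at
    least min_files WRITE/RENAME events inside `window` where one extension
    accounts for min_ext_share of them. Normal clinical work touches a few
    files of mixed types; encryption touches many with one new suffix."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, op, path = line.split(" ", 3)
        if op in ("WRITE", "RENAME"):
            events[user].append((datetime.fromisoformat(ts), os.path.splitext(path)[1]))
    alerts = {}
    for user, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # slide the window start forward
                start += 1
            burst = evs[start:end + 1]
            if len(burst) >= min_files:
                ext, count = Counter(e[1] for e in burst).most_common(1)[0]
                if count / len(burst) >= min_ext_share:
                    alerts[user] = {"files": len(burst), "extension": ext}
    return alerts
```

An alert like this is a candidate trigger for containment steps from the incident response plan, such as disabling the account or isolating the host, while the thresholds should be tuned against a site's normal activity to keep false positives down.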
The European Union is aware of these risks and is actively working to strengthen cybersecurity in healthcare. New initiatives include financial support for smaller hospitals, the creation of educational materials and the establishment of an EU-wide center for cybersecurity in healthcare.
Prevention is indeed better than cure in healthcare, even in the case of cyber attacks. It is a continuous process that requires constant investment and attention.
Backups are what save the organization
A backup must be something you can rely on in any situation: it has to be intact and restorable no matter what has happened.
It is not enough to just back up your data; the key is to regularly verify the integrity of the backups and test the recovery process. Only then can you be sure that in the event of a cyberattack, system crash, or other unexpected event, you will be able to actually recover your data and your hospital will soon be back up and running.
Without reliable backups, any cybersecurity effort is incomplete and leaves you vulnerable to catastrophic data loss.
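The recovery testing and versioning points in item 1 above and this closing section come down to the same two checks. As an added example that is not from the original article, the following Python verifies a test restore against a SHA-256 manifest recorded at backup time and selects which dated snapshots a daily/weekly/monthly retention policy keeps; file names, contents and dates are constructed.

```python
"""Added example (not from the article): check a restored backup against the
SHA-256 manifest recorded when it was written, and select which dated
snapshots a daily/weekly/monthly retention policy keeps."""
import hashlib
from datetime import date


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict) -> dict:
    """Hash every file at backup time (files: name -> bytes). Keep the
    manifest with the backup, on the same write-protected storage."""
    return {name: sha256_bytes(content) for name, content in files.items()}


def verify_backup(manifest: dict, restored: dict) -> dict:
    """Compare a test restore with the manifest. Any missing, altered or
    unexpected file makes the recovery test fail loudly instead of silently."""
    missing = sorted(n for n in manifest if n not in restored)
    altered = sorted(n for n in manifest
                     if n in restored and sha256_bytes(restored[n]) != manifest[n])
    extra = sorted(n for n in restored if n not in manifest)
    return {"ok": not (missing or altered or extra),
            "missing": missing, "altered": altered, "extra": extra}


def retained_snapshots(snapshot_days, today, keep_daily=7, keep_weekly=4,
                       keep_monthly=12) -> set:
    """Grandfather-father-son selection over ISO-dated daily snapshots: keep
    the last keep_daily days, the Sunday snapshot of the last keep_weekly weeks
    and the 1st-of-month snapshot of the last keep_monthly months (month length
    approximated as 31 days). Snapshots passing no rule may be pruned, so a
    clean pre-compromise version stays available for up to a year."""
    today_d = date.fromisoformat(today)
    keep = set()
    for s in snapshot_days:
        d = date.fromisoformat(s)
        age = (today_d - d).days
        if 0 <= age < keep_daily:
            keep.add(s)
        if d.weekday() == 6 and 0 <= age < keep_weekly * 7:
            keep.add(s)
        if d.day == 1 and 0 <= age < keep_monthly * 31:
            keep.add(s)
    return keep
```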