Last month saw an alarming rise in cyberattacks against healthcare facilities. Ransomware attacks across the globe locked 68 care providers out of their respective networks during Q3 of this year alone, threatening patient safety and privacy. Experts fear that patients will suddenly be unable to receive critical care at a targeted facility without a holistic whole-facility cybersecurity approach.
Johnson Memorial Health Hospital in Franklin, Indiana, US, and the Hillel Yaffe Medical Center in Hadera, Israel, are just two examples of the attacked medical facilities. At Johnson Memorial, the early-October attack locked databases and exposed patient data. Days after the attack, a ransom amount was strangely not yet requested.
In early November, Hillel Yaffe Medical Center was attacked by an allegedly Iran-backed group, Black Shadow. The personal data of 290,000 individuals were released, and investigators estimated that it would take many weeks to recover and understand the full scope of what had been accessed.
Healthcare legacy OT equipment vulnerable to cyberattacks
As healthcare facilities modernize, their legacy OT equipment becomes vulnerable to hackers. Water, HVAC, oxygen, electrical, and other critical systems are connected, yet may fall short of proper cybersecurity monitoring and protection. Compromising any of these utilities will negatively impact patient care, potentially threatening the lives of those being treated.
“Accessing patient data is worrisome, but the idea of hackers gaining access to components in a specific ward or even a single operating room is alarming,” said Ilan Barda, CEO of Radiflow.
“CISOs at facilities should focus on both IT systems and OT environments, starting from risk assessment to threat monitoring. There should be continuous holistic risk management for more mature organizations that combine both IT and OT systems. With Radiflow, teams can monitor the full range of a healthcare OT security from one central location.”
The US Department of Health and Human Services (HHS) had warned about the alarming trends in 2021, with 68 global attacks on healthcare facilities in Q3 of this year alone.