The Cybersecurity Trends and Threats in Healthcare Right Now
As has been well reported by now, the NHS suffered a damaging ransomware attack in early June of 2024. The breach impacted several hospital trusts, including Guy’s and St Thomas’ teaching hospitals in London, and King’s College Hospital.
According to reports by the BBC and other news outlets, the ripple effects of this attack have been significant. Nearly 3,000 outpatient appointments and over 1,100 planned operations have been delayed or cancelled as a result of the disruption, and Trusts have put out desperate pleas for blood donations after records became compromised.
Having been attributed to the Russian criminal group Qilin, this devastating blow to the NHS highlights the importance of stringent cyber security within the healthcare industry, as well as a worrying trend of hospitals, pharmacies and medical companies finding themselves at the receiving end of a hack.
The Growing Trend of Healthcare Cybercrime
Qilin’s attack is hardly the first time the NHS has found itself subject to data theft and corruption. In fact, CPX London reports that there were a staggering 1,383 cyberattacks in the NHS per week in 2023 alone, compared to just 797 per week in 2022.
This highlights a rising trend of hackers targeting healthcare organisations. A high percentage of patient records and data is now held in digital spaces, particularly since the COVID-19 pandemic, which accelerated the adoption of telemedicine, electronic health records, and other digital health solutions.
And with the NHS constantly playing digital catch-up due to ageing infrastructure, this all adds up to make healthcare a prime and tempting target for cybercriminals. Indeed, recent reports suggest that 61% of trusts and organisations hit by cyberattacks last year paid the fee to prevent a data leak.
Emerging Cyber Threats in Healthcare
The techniques and tactics employed by lone actors and organised cybercrime groups are evolving all the time. However, some patterns have emerged in recent years. Among the most popular attack vectors are:
Ransomware
Ransomware is one of the most significant cyberthreats facing healthcare today. Criminals target healthcare organisations due to the critical nature of their services, forcing them to pay substantial ransoms to regain access to their systems.
It is not uncommon for organised criminal groups to seek profit from healthcare organisations, with 82% of UK healthcare organisations suffering some form of ransomware attack in 2022 alone.
Phishing and Social Engineering
Phishing attacks and social engineering tactics are growing increasingly sophisticated, targeting healthcare staff in order to gain access to sensitive and important information.
Phishing is by far the most common form of cyberattack in the UK, targeting 84% of businesses and 83% of charities, according to government figures. Continuous staff training and awareness programs are essential to recognising these schemes and avoiding falling victim to them.
Data Breaches
Healthcare data is particularly valuable on the black market, meaning data breaches remain a pervasive threat to health organisations. This has been an issue for the NHS for a long time, with the Daily Mail reporting that 1.8 million records were compromised way back in July 2012. And things haven’t improved much.
Robust data encryption, access controls, and regular security audits are all vital to protecting against unauthorised access and data theft.
Supply Chain Vulnerabilities and Insider Threats
Healthcare organisations are relying more on third-party vendors for various services, and this can result in a higher risk of attack across the supply chain. Likewise, insider threats, whether malicious or accidental, also pose a significant risk to healthcare organisations.
It’s important to ensure that all staff and partners – both inside and outside the organisation – comply with stringent cybersecurity standards. Strict access controls, monitored user activities, and fostering a culture of security awareness can all help to mitigate risks.
The cybersecurity landscape is constantly evolving, and healthcare organisations must evolve with it to avoid falling victim to its more dubious players. By prioritising effective security measures, the healthcare industry can ensure it is keeping data, and patients, safe.
This piece was written by the information security experts at Hicomply. Hicomply makes certification simple and straightforward, with a one-stop solution for vital accreditations like ISO27001 and PCI DSS.