iTnews Asia
  • Home
  • News
  • Security

Healthcare facing the most cyber breaches, more than any other industry

Healthcare facing the most cyber breaches, more than any other industry

Why is this so? Healthcare is the sweet spot due to the amount of customer data that is sensitive and the number of medical devices connected.

By Raymond Tan on Aug 25, 2021 8:03AM

The healthcare industry is now experiencing more devastating DNS attacks than ever during the COVID-19 pandemic, more so than in any other industries.

A 2021 Global DNS Threat Report study from EfficientIP and IDC reveals that healthcare is more vulnerable and the most likely industry to suffer application downtime, with 53% of healthcare companies experiencing cyber breaches.

Globally, healthcare also saw the highest rate of compromised websites at 44% and the highest rate of brand damage at 31%. The average cost per attack in healthcare also increased to $862,630, a rise of 12% from last year and the sharpest increase seen by any industry.

The top three impacts were (1) application downtime at 53%, (2) cloud service downtime 46% and (3) compromised website at 44%.

“Hospitals and clinics as well as healthcare companies were not ready in deploying fundamental healthcare IT defense mechanisms needed to secure their systems and operations. This gap is opening the door for hackers to take advantage,” said Ronan David, VP of Strategy for EfficientIP, in response to questions on the study from iTNews Asia.

What the numbers mean

“We all knew that the healthcare industry would be a prime target for cyber attacks during the pandemic,” said David. “But it really is fascinating--and useful--to see the data in black and white. Fascinating because we finally have a clear quantitative picture, and useful because we see where companies can help healthcare companies improve their defenses.”

The study warns that this comes at a time when health industry is already experiencing other stressors related to the pandemic, the downtime in the cloud and from apps and services used could have heavy consequences for both patients and providers. Customer information is particularly sensitive in the healthcare sector, which makes it an attractive target--particularly so during a time of high-stress for the industry.

The study also found that it took an average 6.28 hours to mitigate each attack – which is higher than the industry average of 5.62 hours – and in serious cases puts patient’s lives in danger due to the lack of healthcare support during the downtime .

Hospitals and clinics as well as healthcare companies were not ready in deploying fundamental healthcare IT defense mechanisms needed to secure their systems and operations. This gap is opening the door for hackers to take advantage.

- Ronan David, VP of Strategy for EfficientIP

David said healthcare is in the sweet spot for the threat actors,  firstly due to the large amount of customer data that is that is easily accessible to patients and to caregivers both on-site and remote. This necessitates a larger number of devices and platforms, thus increasing the attack surface for bad actors.

Secondly, he said the healthcare sector has a large number of internet connected devices for day to day patient treatment. These devices all provide an entry point for external attackers into a system, with DNS often being used as a vector for the attack.

IoT devices, smartphones, telemedicine applications, robotic surgical equipment, cloud connected machines such as MRI, heart rate monitors, ventilators, ultrasound machines, patient monitors are involved in daily healthcare operations which are easily at risk for DNS malware attacks without proper healthcare IT security.

“Any medical device infected by malware can be used to exfiltrate data or rapidly spread infection to other devices, resulting in systems shut down of IT processes and connections, thus disrupting patient care,” said David.

Southeast Asian countries under threat

From the region’s perspective, the study found that attacks on the healthcare sector are on the rise for many countries in APAC – especially among Thailand, Malaysia, and the Philippines.

Indonesia was also one of the Southeast Asian countries to have experienced cyber attacks earlier in the year in its national healthcare program. The incident jeopardised over 100,000 Indonesians’ personal social security data including personal records, social security number and payment status for fraud and digital attacks. 

The Singapore healthcare sector also found itself to be at risk for government data hacks through malware. The government previously detected millions of internet connected medical equipment including ultrasound machines, patient monitors and medical imaging equipment vulnerable for attacks.

To reach the editorial team on your feedback, story ideas and pitches, contact them here.
© iTnews Asia
Tags:
cyber security digital infrastructure risk management security

Related Articles

  • The real-life Tom & Jerry chase
  • How can we bolster our resilience against AI-enabled e-mail attacks?
  • Qantas hit by cyberattack, data of six million customers exposed
  • Your organisation’s physical security can be a gateway for cybercriminals
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

The real-life Tom & Jerry chase

The real-life Tom & Jerry chase

How can we bolster our resilience against AI-enabled e-mail attacks?

How can we bolster our resilience against AI-enabled e-mail attacks?

Singapore sees no 'juice jacking' at transport charging stations, wi-fi points

Singapore sees no 'juice jacking' at transport charging stations, wi-fi points

Philippine education ministry hit by data leak exposing 210,020 records

Philippine education ministry hit by data leak exposing 210,020 records

All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of Lighthouse Independent Media's Privacy Policy and Terms & Conditions.