Cyberattacks are growing exponentially, and lack of cybersecurity is now considered one of the main global risks for economic and social stability. By 2025, the global cost of cybercrime is expected to reach US$10.5 trillion annually, a drastic leap considering that in 2015 it was US$3 trillion.
Cyberattacks in healthcare increased by 74% in 2023, making it one of the most affected sectors. This is due to the sensitivity of the data and the growing adoption of technologies, such as electronic medical records and medical devices connected to the internet, like patient monitors, insulin pumps, and diagnostic equipment, which collect and transmit data in real time. Strengthening cybersecurity is paramount to protect patients and health systems.
The IDB publication Protecting Digital Health: A Guide to Cybersecurity in the Health Sector describes different frameworks, guides, and controls to address the problem. It also proposes a practical methodology for identifying risks, implementing controls, and fostering a culture of cybersecurity in healthcare organizations.
The Appeal of the Healthcare Sector for Cybercriminals
A combination of factors makes the healthcare sector not only vulnerable but also highly profitable. Firstly, the essential importance of healthcare services means that any interruption can have serious, even fatal, consequences. An emblematic case is the University Hospital of Düsseldorf in 2020, where an attack affected critical systems, preventing access to essential data and resulting in the first recorded death directly associated with a cyberattack.
Secondly, the sector is a lucrative target because of the high value of the data managed, including medical records, personal, and financial information.
Health systems have many potential entry points for cybercriminals. For example, 75% of 200,000 infusion pumps connected to hospital networks and other organizations analyzed in a study had critical vulnerabilities. While connectivity in devices improves efficiency and patient care, vulnerabilities such as outdated firmware or lack of encryption in data transfer also provide opportunities for attacks.
How to Address Cybersecurity in Healthcare?
To address these challenges, it is crucial to adopt a comprehensive approach that combines processes, people, and technologies. In organizations, cybersecurity must be part of their strategic management, prioritizing the protection of critical systems —such as emergency systems and medical devices—and implementing technical measures such as network segmentation, regular software updates, and continuous monitoring.
Furthermore, strengthening the security of medical data is also relevant given its high value to cybercriminals. This includes the use of end-to-end encryption, multi-factor authentication, and regular audits to detect vulnerabilities.
Finally, the heterogeneity of medical systems and devices connected to the internet requires a specific security strategy. Organizations must guarantee that connected medical devices comply with updated security standards and are protected against unauthorized access.
At the global level, institutions and regulations approach cybersecurity from different angles. One example is the working group on Cybersecurity of the US Health Care Industry Coordinating Council, whose mission is to identify cybersecurity threats to critical healthcare infrastructures and promote preparedness. Understanding these initiatives is essential to considering new solutions and moving towards a more secure and resilient digital ecosystem. We will discuss this, and other global solutions in more detail in our next blog.
Leave a Reply