Medical facilities have become an elite target for hackers and cybercriminals. According to recent figures published Tuesday by Israeli cyber software company Check Point Software Technologies, there was a sharp rise of 25% in cyberattacks over the months of November and December 2020 and January 2021 compared to the period prior to November 2020 at Israeli medical facilities (hospitals, health offices, clinics, and research bodies). The global figures are even more alarming and show a 45% leap in cyberattacks from November 2020 until January 2021 on average worldwide. These numbers cross continents and geographic locations: there was a 145% increase in central Europe, 137% in East Asia, 112% in South America, 67% in Europe, and 37% in North America.
Globally, the average number of weekly attacks against medical institutions stands at around 620 attacks per week. In Israel that number is even higher, with 813 weekly attacks on average. The types of attacks include ransomware, botnets, remote software activation, and denial of service (DDoS), with the most significant increase in attacks involving ransomware.
One of the main problems that the medical sector faces is the lack of protection and the relative ease in which hackers can infiltrate computerized medical networks. “We are seeing that medical institutions across the world that prefer to pay the ransom demands instead of having their data encrypted or leaked. Their success encourages other hackers to continue and attack additional targets,” Check Point said in their report.
Hackers see hospitals in particular as easy targets, Manager of Data Intelligence Omer Dembinsky said. The report also found that attacks were timed and scheduled to take place during certain periods such as holidays and weekends. It is estimated that during those hours it’s easier for hackers to attack such systems due to the decline in hospital staff alertness levels. Another difficult problem is that many medical teams aren’t skilled in identifying such attacks, which arrive by means of suspicious emails or strange messages, and this makes it easier for the attackers to trick employees.
An additional acute problem in medical computing systems is that often these devices and apps haven’t been updated with the newest or safest versions of software. The reasons for this are varied, including the requirement for authorization by various levels of management, the high price of such software, and the occasional inability to halt online patient treatment systems in order to run necessary updates during high workload periods. Results show that often the facilities prefer to pay the heavy price instead of finding themselves in situations such as what happened in Germany at Dusseldorf Hospital last September, where a 78-year-old woman died from heart failure after being rushed to the hospital which refused to admit her since its entire online system had just been hacked.