Top 5 cyberattacks against the health care industry

The health care industry, and hospitals in particular, are the number one target of ransomware attacks. By 2020, these attacks are expected to quadruple, according to CSO Online. In France alone, 478 cybersecurity incidents have been reported to the Agency for Shared Medical Information Systems (ASIP) since October 2017. We review the five most noteworthy examples of cyberattacks against the health care industry.

1. WannaCry: the ransomware that shook the NHS

In May 2017, the WannaCry cyberattack targeted the UK’s National Health Service (NHS). By exploiting a Windows vulnerability, the hackers managed to infect at least 16 health centres and 200,000 computers, which led to the cancellation of nearly 20,000 appointments and paralysed more than 1,200 pieces of diagnostic equipment.

2. Boston Children’s Hospital targeted by a DDoS attack

Three years earlier, a hacker launched a DDoS (Distributed Denial of Service) attack against Boston Children’s Hospital. The hospital, whose donations page was shut down by the attack, is estimated to have lost 300,000 dollars on repairs to its computer system.

3. Respirators and anaesthesia machines at risk of “medjacking”

Technology is increasingly common in health care institutions. This growing prevalence increases the risk of “medjacking”, or medical device hijacking, as demonstrated by the security flaw that researchers discovered in General Electric respirators and anaesthesia machines. This vulnerability, which the US Department of Homeland Security says is easily exploitable, has yet to be corrected by GE.

4. A phishing attack against a Montpellier medical centre

Phishing is the most widespread cyberthreat, according to the Corporate Cybersecurity Barometer published by the CESIN. An employee of the Montpellier university medical centre found this out the hard way in March 2019, when he opened an email containing a virus that went on to infect more than 600 computers. Fortunately, the hospital was using independent internal networks, which prevented the virus from spreading to all of its 6,000 machines.

5. Blue Cross pays the price for human error

While these malicious attacks are impressive, incidents can sometimes be the result of negligence or a lack of information. Such was the case in April 2018, when an employee of Independence Blue Cross, an American health insurer, accidentally posted online a file containing the personal and medical information of nearly 17,000 patients. It took two months for the company to detect this human error.

These incidents are a reminder of the importance of educating employees—including health care professionals—on good cybersecurity practices.

To safeguard against potential cyberattacks on health care institutions, information systems require the utmost protection. From ensuring service continuity, to protecting medical files and securing workstations, discover how Stormshield safeguards the data security of medical institutions and the health care industry.

About the author

Marco Genovese
Product Manager, Stormshield

Marco Genovese was born in Asti, a small Italian village better known for excellent wine than for IT infrastructure. After some non-profit experience aiming to bring internet access to the general public, Marco studied IT and worked with various companies in the security sector. He joined Netasq in 2008 as a Pre-Sales Engineer and, a few years later, found the perfect combination of quality of life and access to computer infrastructure by moving to Paris. He is now a Product Manager.