As hospitals get smarter, threat actors have more routes inside. IBM’s recent research on the health care industry shows how smart tools, which could be very valuable for today’s medical facilities, also need healing of their own. What should hospital IT security teams look out for? Our overview of the state of cybersecurity in the health care industry shows what threats are out there and how you can mitigate them.

Why Are Health Care Cyberattacks Significant?

Who counts as part of the health care industry? It’s a wide field, from companies that offer clinical services, manufacture drugs and medical equipment to related support services, such as medical insurance. These services operate in a web of partnerships including doctors, nurses, medical administrators, government agencies, pharmaceutical companies, medical equipment manufacturers and medical insurance companies.

The industry is broken down into three segments:

  1. Health care providers – hospitals, nursing homes, rehabilitation centers and teaching, research and training centers.
  2. Health care payers – government and private health insurance policies and health care fund services.
  3. Life science – pharmaceutical firms, biotechnology firms and medical equipment manufacturers.

Health Care Cybersecurity Challenges: Costly Data Breaches and a Range of Threat Actors

Figure 1 by IBM. All numbers are in millions.

The average health care data breach costs its victim $7.13 million, the highest cost in 2020 across all industries. That’s almost double the global average. Of these incidents, 80% resulted in the exposure of customers’ personally identifiable information, according to IBM’s Cost of a Data Breach report. Just 23% of health care organizations have fully deployed security automation tools. On average, it takes six months to detect a data breach. Beyond that, it takes 280 days on average for an organization to identify and contain the breach.

Figure 2 by IBM, with reference to Statista. All numbers are in millions.

With many organizations unprepared, threat actors see several advantages to launching cyber attacks. In health care, they’re mostly after money or secrets. Overall, the top five motivations behind any cyberattacks are financial, espionage, disruption, political and retaliation. Information, data and user credentials can be sold on the dark web. That’s why those are the most common things threat actors are looking to steal during an intrusion: they’re after the money.

The second most common motivation is espionage, and it is on the rise. It’s becoming more common mainly due to ongoing geopolitical and commercial tensions.

Cybersecurity Threats to Smart Hospitals

Hospital cyberattacks, like a recent one on the Brno University Hospital in the Czech Republic, are especially dangerous in the middle of the COVID-19 pandemic. This forced the hospital to reroute patients and postpone surgery. This incident highlighted how disruptive such attacks can be, since this hospital is one of the Czech Republic’s biggest COVID-19 testing laboratories.

Balancing protection against health care cybersecurity attacks with today’s ‘smart’ technology standards comes with challenges. What makes a hospital ‘smart?’ Essentially, the critical assets in smart hospitals are connected through a network and can be controlled remotely. This increases the possibility of cyberattacks. Highly critical assets for smart hospitals, such as an interconnected clinical system, networked medical devices and a remote care system, can be at risk. In addition, in order to achieve improved medical care and enhanced diagnostic capabilities, the hospital may replace legacy systems with Internet of things (IoT) components and devices. This means those systems become directly critical not only for individual patient safety but also for the overall functioning of the hospital.

In most cases, the root cause of a data breach at a health care organization is one of three factors: a malicious attack (52%), system glitch (25%) or human error (23%).

Likelihood and Criticality of Cyberattacks to Smart Hospitals

Let’s take a closer look at those three major threat factors impacting smart hospitals. As one might expect, malicious attacks are deliberate attacks by a person or organization. System glitches are highly relevant in the health care sector, particularly due to the increasing complexity and dynamics of the systems they affect. Human error can occur during the configuration or operation of devices or information systems, or the execution of processes.

Figure 4 by IBM

Health Care Threat Actors and Threat Vectors

By defending against threat actors from outside, hospitals and other health care organizations can cut down on the most likely source of an attack. Threat actors in a smart hospital can come from a variety of sources and have a variety of motivations. They could be insider threats: physicians, nurses or administrative staff with a reason to hurt the organization. Or, threat actors could be malicious patients and guests. Lastly, threats could come from remote attackers: people who for any reason use equipment to attack without being physically inside the hospital.

These potential attackers have several different approach vectors in a smart hospital to choose from. First, they could physically interact with IT assets. Another very common technique is to use wireless communication to access IT assets within range. Attackers can use wired communication with IT assets through related online tools including cloud services and online health care information systems. Finally, attackers can get in by using other people to unknowingly help them. Social engineering attacks are very common in the health care sector. They are usually where ransomware attacks start.

How to Improve Your SOC

Threats toward the health care industry are increasing year over year as hospitals get smarter. The industry has been a top target for cyberattacks in terms of both information technology and operational technology (OT). This is a critical time for hospitals and other health care organizations to invest and mature their security operations center (SOC).

One way to do this is to bring IoT and OT into the scope of the SOC’s responsibilities. Next, you can assess the existing SOC in terms of finding gaps in its capabilities.

Threats are always evolving, but information security is evolving along with them. By keeping up to date on your existing security and SOC capabilities, health care organizations can work toward smooth operations and making sure patients get the best care possible.

More from Intelligence & Analytics

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today