As hospitals get smarter, threat actors have more routes inside. IBM’s recent research on the health care industry shows how smart tools, which could be very valuable for today’s medical facilities, also need healing of their own. What should hospital IT security teams look out for? Our overview of the state of cybersecurity in the health care industry shows what threats are out there and how you can mitigate them.

Why Are Health Care Cyberattacks Significant?

Who counts as part of the health care industry? It’s a wide field, ranging from companies that offer clinical services or manufacture drugs and medical equipment to related support services, such as medical insurance. These services operate in a web of partnerships including doctors, nurses, medical administrators, government agencies, pharmaceutical companies, medical equipment manufacturers and medical insurance companies.

The industry is broken down into three segments:

  1. Health care providers – hospitals, nursing homes, rehabilitation centers and teaching, research and training centers.
  2. Health care payers – government and private health insurance policies and health care fund services.
  3. Life science – pharmaceutical firms, biotechnology firms and medical equipment manufacturers.

Health Care Cybersecurity Challenges: Costly Data Breaches and a Range of Threat Actors

Figure 1 by IBM. All numbers are in millions.

The average health care data breach costs its victim $7.13 million, the highest cost in 2020 across all industries. That’s almost double the global average. Of these incidents, 80% resulted in the exposure of customers’ personally identifiable information, according to IBM’s Cost of a Data Breach report. Just 23% of health care organizations have fully deployed security automation tools. On average, it takes six months to detect a data breach. Beyond that, it takes 280 days on average for an organization to identify and contain the breach.

Figure 2 by IBM, with reference to Statista. All numbers are in millions.

With many organizations unprepared, threat actors see several advantages to launching cyberattacks. In health care, they’re mostly after money or secrets. Overall, the top five motivations behind cyberattacks are financial, espionage, disruption, political and retaliation. Information, data and user credentials can be sold on the dark web. That’s why those are the most common things threat actors are looking to steal during an intrusion: they’re after the money.

The second most common motivation is espionage, and it is on the rise. It’s becoming more common mainly due to ongoing geopolitical and commercial tensions.

Cybersecurity Threats to Smart Hospitals

Hospital cyberattacks, like a recent one on the Brno University Hospital in the Czech Republic, are especially dangerous in the middle of the COVID-19 pandemic. That attack forced the hospital to reroute patients and postpone surgery. The incident highlighted how disruptive such attacks can be, since this hospital is one of the Czech Republic’s biggest COVID-19 testing laboratories.

Balancing protection against health care cybersecurity attacks with today’s ‘smart’ technology standards comes with challenges. What makes a hospital ‘smart’? Essentially, the critical assets in smart hospitals are connected through a network and can be controlled remotely. This increases the possibility of cyberattacks. Highly critical assets for smart hospitals, such as an interconnected clinical system, networked medical devices and a remote care system, can be at risk. In addition, in order to achieve improved medical care and enhanced diagnostic capabilities, the hospital may replace legacy systems with Internet of Things (IoT) components and devices. This means those systems become directly critical not only for individual patient safety but also for the overall functioning of the hospital.

In most cases, the root cause of a data breach at a health care organization is one of three factors: a malicious attack (52%), system glitch (25%) or human error (23%).

Likelihood and Criticality of Cyberattacks to Smart Hospitals

Let’s take a closer look at those three major threat factors impacting smart hospitals. As one might expect, malicious attacks are deliberate attacks by a person or organization. System glitches are highly relevant in the health care sector, particularly due to the increasing complexity and dynamics of the systems they affect. Human error can occur during the configuration or operation of devices or information systems, or the execution of processes.

Figure 4 by IBM

Health Care Threat Actors and Threat Vectors

By defending against threat actors from outside, hospitals and other health care organizations can cut down on the most likely source of an attack. Threat actors in a smart hospital can come from a variety of sources and have a variety of motivations. They could be insider threats: physicians, nurses or administrative staff with a reason to hurt the organization. Or, threat actors could be malicious patients and guests. Lastly, threats could come from remote attackers: people who for any reason use equipment to attack without being physically inside the hospital.

These potential attackers have several different approach vectors in a smart hospital to choose from. First, they could physically interact with IT assets. Another very common technique is to use wireless communication to access IT assets within range. Attackers can use wired communication with IT assets through related online tools including cloud services and online health care information systems. Finally, attackers can get in by using other people to unknowingly help them. Social engineering attacks are very common in the health care sector. They are usually where ransomware attacks start.

How to Improve Your SOC

Threats toward the health care industry are increasing year over year as hospitals get smarter. The industry has been a top target for cyberattacks in terms of both information technology and operational technology (OT). This is a critical time for hospitals and other health care organizations to invest in and mature their security operations center (SOC).

One way to do this is to bring IoT and OT into the scope of the SOC’s responsibilities. Next, you can assess the existing SOC to find gaps in its capabilities.

Threats are always evolving, but information security is evolving along with them. By keeping up to date on their existing security and SOC capabilities, health care organizations can work toward smooth operations and make sure patients get the best care possible.
