Hotline:+852 3958 3000
July 2019: A new-born baby was delivered with severe brain damage after the umbilical cord had caught around her neck. Her life ended prematurely nine months later. The hospital where she was delivered, the Springhill Medical Center in Alabama, USA, had recently been the victim of a ransomware cyber attack. The hospital’s IT systems were down, including the fetal heartbeat monitors that may have detected the baby’s condition, potentially saving her life through a swift C-section. (Reported by the Wall Street Journal)
September 2020: A 78-year-old German woman tragically lost her life after her ambulance was diverted to a hospital 32km away from the intended hospital, delaying the treatment of her aortic aneurysm by an hour. The original hospital, the University Hospital of Düsseldorf, had been attacked with ransomware. With critical infrastructure paralyzed, the hospital could not have provided her with the necessary medical attention and had no choice but to turn her away. (Reported by Wired)
These two incidents are believed to be the first instances of death caused by ransomware attacks on hospitals. They should make us sit up and reconsider the potential harm and losses caused by cyber-attacks. No longer are they restricted to financial or intellectual property losses, or social and political disruption. Now, they can also take lives.
Hospital cyber-attacks are very real. Healthcare organizations have increasingly found themselves in the crosshairs of cyber-criminal organizations, so much so that cyber-attacks on healthcare have become a common occurrence. According to the 2021 H2 Healthcare Data Breach Report from Critical Insights, the total number of healthcare data breaches in the U.S. reached an all-time high of 679 in 2021, while the number of affected people amounted to 45 million, up from 34 million in 2020. Similarly, the 2021 Internet Crime Report released by FBI’s Internet Crime Complaint Center reported 148 healthcare cyber-attacks in H2 2021, by far the largest proportion of attacks among the various industries in the same time period. Evidently, if the healthcare industry does not tighten up its security fast, the next cyber-inflicted fatality could just be around the corner.
As with solving any problem, causes have to be analyzed before actions can be drawn up and implemented. The following section will look at some of the main reasons why healthcare organizations have become such important targets of cybercriminals, and how the healthcare industry could save themselves from this pandemic.