EU Cybersecurity Agency Warns of Rising Hacktivism in Healthcare
The Hague, Tuesday, 2 July 2024.
ENISA reports a surge in cyberattacks targeting European healthcare systems, with hospitals being the primary victims. Ransomware remains the dominant threat, accounting for 54% of incidents. The agency predicts an increase in attacks on digital medical devices, posing new risks to patient safety.
The Current Landscape of Cyberattacks
From January 2021 to March 2023, the European Union Agency for Cybersecurity (ENISA) analyzed 215 cyber incidents within the healthcare sector across the EU and neighboring countries. The data revealed that hospitals are the main targets, accounting for 42% of all incidents. Noteworthy examples include the March 2023 attack on Barcelona’s hospital clinic, which led to the cancellation of 150 interventions, and the April 2024 breach at Simone Veil Hospital in Cannes, France, where 61 gigabytes of patient data were stolen[1].
Ransomware: The Primary Tool of Attack
Ransomware remains the most prevalent threat, comprising 54% of all cyberattacks on healthcare, followed by Distributed Denial of Service (DDoS) attacks. ENISA attributes the surge in DDoS attacks in early 2023 to pro-Russian hacktivist groups aiming to disrupt healthcare providers in the EU. These attacks have significant financial implications, with the median cost of a major security incident in the healthcare sector estimated at €300,000. Hospitals typically require an average of 40 days to restore essential functions after an attack[1].
Geopolitical Motivations Behind Cyberattacks
Hacktivism, driven by geopolitical developments, has been a significant factor in the rise of cyberattacks. Mandiant, a cybersecurity firm, notes that hacktivist activities have increased in scale and sophistication since early 2022. Hacktivist groups, often state-backed, employ tactics like information operations and physical process tampering to achieve their goals. These groups are chosen for their ability to operate anonymously and influence the cyber domain[4].
Impact on Healthcare Systems and Patient Safety
The consequences of these cyberattacks are profound, affecting not only the targeted institutions but also patient safety. ENISA’s report highlights that a significant portion of the incidents, around 43%, involved data breaches or theft, while 22% aimed to disrupt healthcare services. Patient data and electronic health records are the most affected assets, posing critical risks to patient confidentiality and safety[1].
Preventative Measures and Recommendations
To mitigate these threats, ENISA recommends several measures to enhance cyber hygiene in healthcare. These include implementing encrypted backups, conducting regular vulnerability scans, patching security vulnerabilities, and adopting robust authentication methods. Additionally, there is a pressing need for employee cybersecurity training programs and the involvement of senior management in cybersecurity strategies. Despite these recommendations, only 27% of healthcare facilities have a dedicated ransomware defense program, and 40% lack comprehensive employee cybersecurity skills programs[1].
Future Threats and Proactive Monitoring
Looking ahead, ENISA predicts a rise in attacks targeting data collected by digital medical devices and wearable technologies. This trend underscores the need for proactive monitoring and robust defenses. Mandiant advises organizations to stay vigilant, as hacktivist activities can often mask more sophisticated cyber threats. Proactive measures, such as threat intelligence and comprehensive risk assessments, are crucial for anticipating and neutralizing potential attacks[4].
Bronnen
- ictandhealth.com
- www.enisa.europa.eu
- outpost24.com
- cloud.google.com
- www.welivesecurity.com
- www.aha.org