Hospital Hackers: Why Healthcare is Vulnerable to Cybercrime

Advancing telehealth means that patients increasingly rely on cyber-systems for their medical records, data, medical equipment, and prescriptions. As reliance on digital platforms and the use of AI in hospitals have grown, so have cyberattacks on hospitals. Healthcare systems are now the top target for cybercriminals, and even smaller rural hospitals have recently come under attack. Hospitals are easy targets for cybercriminals because they have medical devices that are linked to the hospital’s corporate server. A January 2022 report found that 53% of medical devices have known system vulnerabilities that leave them open to being hacked. These cybercriminal organizations also target other sectors, like petroleum and banking, but when a hospital server is attacked by ransomware, people’s lives are at risk. The first 6 months of 2021 saw 40% more attacks on hospitals than the entire year of 2020. 2021 is now being dubbed “the year of double ransomware attacks”. In a normal ransomware attack, the cybercriminals freeze or encrypt the hospital’s system, rendering it unusable until the ransom is paid. A double ransom goes one step further, with the threat to sell or even give away all the data (medical records, social security, etc.) on a hospital’s server. At the beginning of 2021, only one group was carrying out “double ransom” attacks. By the end of 2021, most ransomware attacks were “double attacks” carried out by multiple cybercriminal organizations. A piece from Stat+ News states: “According to federal health officials, the industry’s average ransom payment was more than $322,000 by the end of 2021... Some rural hospitals (are) paying quarter-million-dollar ransoms.” Another report found that about one-third of hospitals paid ransoms, and 40% of the time the hackers still sold the data.
The threat of cyberattacks on hospitals is not new, but through the pandemic there has been an increase in the competency, organization, and proliferation of organized cybercriminal groups, which are often protected by foreign governments. One of the most notorious attacks, WannaCry, came out of North Korea in 2017. WannaCry was the first hack to tamper with medical devices. It disabled 294 UK hospitals, and 19,000 appointments were canceled. Despite the effectiveness of WannaCry, the hackers made several rookie mistakes that led to them being identified. Five years later, hackers have far surpassed WannaCry in competency, but the challenge is that these attacks come from overseas and are decentralized. The first fatality of a ransomware attack took place in 2021 in Mobile, AL. A baby delivered in a hospital that was under a ransomware attack died because a heart rate monitor that would have indicated the baby wasn’t getting enough oxygen wasn’t functioning. Consequently, a C-section was not performed in time, and the baby died 8 months later. In 2021 there was an uptick in rural US hospitals being targeted. It is suspected that the increase in attacks on rural hospitals may be because their systems are easier to hack or because they are used as a testing ground. Rural hospitals are especially vulnerable because patients may not be able to receive critical care somewhere else in time. A handful of health providers have gone out of business due to cyberterrorism, leaving patients hours away from the next available provider.
In March of 2022, the Biden administration released a warning to be on the lookout for Russian cyberterrorism in response to global sanctions put on Russia. As Russia moved forward in its attacks on Ukraine, a Ukrainian hacker leaked a trove of programming information, data, and conversations from within a cybercriminal organization. Like conventional businesses, the hackers had an office space in Moscow, then worked from home through the pandemic. They have an HR department that handles time-off requests, petty workplace squabbles, and pitches about creative ways to “micro-sell” acquired data. The effort to fight cybercriminals is often compared to the challenges of the War on Terror. The year 2021 saw the most significant leap in the number of cybercriminal organizations, their competency, and their ruthlessness, as they start to behave more like terror organizations. The proliferation of these groups, combined with political unrest, may further raise the risk of US hospitals being held for ransom by foreign cyber-organizations.