In September this year, a German patient was rushed in an ambulance as she suffered a critical aortic aneurism. She was to be admitted to Dusseldorf University Hospital. Unfortunately, the hospital was undergoing a crisis much different to what they have been accustomed to — a cyberattack. Specifically, a ransomware attack had disrupted many of the internal systems of this high-tech and modern metropolitan hospital.
Health personnel in the breached hospital had no choice but to recommend another hospital that could treat the patient effectively. Unfortunately, the needless detour had taken a toll of the patient’s life. To this day, this incident is the first ever recorded death that was indirectly caused by a cyberattack.
Cyber attacks on hospitals
This was not the first cyberattack on hospitals. According to Draeger, 25% of all data breaches worldwide in 2017 happen in the healthcare sector. This is a massive proportion when comparing hospitals to industry giants and crucial national sectors, such as finance, manufacturing, government administration, and military.
The number of cyberattacks on hospitals worldwide has seen a surge as healthcare providers become overwhelmed by the admission of numerous COVID-19 patients. While some cyber attacks have been reported to target healthcare providers in order to steal sensitive patient and insurance holder data, most of the cases are due to negligence of cyber security protocols and lack of staff training.
Staff cyber security is the most important key in cyber security systems
Returning to the case of Dusseldorf University Hospital, technological gap was not the issue that had caused the ransomware breach. Many computers are now equipped with basic malware scanning and detection capabilities, and large companies can certainly afford more advanced cyber security software.
Most ransomware, and many other forms of malware, do not enter a system with brute force. Someone within the organization allows them to infect the system, most likely unintentionally, as one downloads files from insecure sites, emails, wireless file transfers, and external memory hardware (disks and USB sticks).
Cyber attacks could be a matter of life and death
The tenet of healthcare workers is to do no harm. Unfortunately, lack of knowledge and awareness in cyber security may cause unintentional harm. Since cyber security is the responsibility of everyone within the organization, it is crucial that healthcare workers — no matter how busy — must take cyber security seriously, as this could be a matter of life and death.
Xynexis IGNITE is not just a training service given to the IT and security specialists. We create educational and habit-building programs that involve every single person within the organization.