Patients die more often. The reason: ruthless hackers

Since the Covid-19 pandemic, the healthcare sector has become one of the main targets of cybercriminals.
Ransomware attacks, which consist of encrypting data and demanding a ransom, are constantly growing in strength. According to the European Union agency, as many as 8 percent of global ransomware attacks are aimed at medical facilities, which makes healthcare one of the most endangered sectors, just behind business (18 percent) and industry (17 percent).
Why are hospitals the main target of cyber attacks?
The medical sector processes huge amounts of personal data, which makes it a tempting target for hackers. The rapid pace of medical staff's work means that the basic principles of cyber security are often neglected. One example is poor password management: nurses log in on a single computer up to 80 times a day, which encourages careless practices such as writing passwords down on cards. In addition, an attack on critical infrastructure, which hospitals are, can lead to destabilization of the country. In 42 percent of cases, medical facilities are the target of cyber attacks.
Costs of ransomware attacks. Losses in the millions
The scale of the problem is huge. According to the ENISA report, as many as 83 percent of cybercriminals are guided by financial motivation. The average cost of an incident in healthcare is EUR 300,000 (nearly PLN 1,250,000), and these are only direct losses, without taking into account penalties for data protection violations.
A spectacular example was the cyber attack on Ascension Healthcare, a provider of medical services in the USA. Cybercriminals blocked systems in 120 hospitals, preventing doctors from accessing electronic patient records and diagnostic tests. The return to full functionality of the facilities took 37 days, and the total losses reached a billion dollars.
Impact of attacks on patients’ lives
The consequences of ransomware attacks go beyond financial losses; they directly affect the health of patients. According to the Ponemon Institute's report:
- 69 percent of institutions that fell victim to cyber attacks experienced disruption in patient care,
- in 56 percent of cases there were delays in diagnostics and treatment,
- 28 percent of institutions noticed an increase in patient mortality.
The European Union takes action. What kind?
To counteract growing threats, the European Union is implementing a plan to strengthen cyber security in healthcare. By 2026, the General European Cybersecurity Support Center for Hospital is to be created. In addition, the NIS2 Directive, implemented in Poland as well, obliges medical facilities to apply rigorous security standards, report incidents and audit their IT systems.