The downside of digitalizing the medical industry.

A recent ransomware attack in the UK has disrupted healthcare services, with numerous reports of canceled surgeries. The attack targeted King's College Hospital and Guy's & St Thomas' Hospital in central London. Representatives from both hospitals confirmed that their partner, Synnovis, experienced a major network outage.

This has severely impacted the provision of medical services, particularly blood transfusions. Some medical appointments have been canceled or switched to other providers. According to British media, this was a ransomware attack, and patients are experiencing twice the time it takes to receive their medical test results.

The attack paralyzed Synnovis's IT systems, causing major disruptions to the provision of medical services and healthcare to thousands of patients. An analysis from Imperial College London estimated the cost of the recent London cyberattack at nearly £6 million (€7 million).

Ransomware attacks are attacks where malware prevents people from accessing data files, forcing victims to pay to access them. Cybersecurity experts believe this trend is increasing, especially in the healthcare sector.

Laura Heuvinck, spokesperson for the EU Cyber ​​Security Agency (ENISA), said: “The healthcare sector is increasingly becoming a target, as digitalization has inadvertently expanded the scope of attacks and increased phishing and ransomware attacks.”

An ENISA report published last year showed that ransomware attacks accounted for 54% of cybersecurity incidents in the sector from January 2021 to March 2023, and this type of attack was considered the “leading threat in the healthcare industry.” However, the agency stated that only 23% of healthcare organizations had dedicated ransomware programs in 2023.

The report mentions that during part of the Covid-19 pandemic, the healthcare sector was a primary target, with most of those behind ransomware attacks being motivated by financial gain. Another report from the French Digital Health Agency in May confirmed the “continued occurrence of malicious incidents” in 2023, with 581 reports of cyberattacks in the healthcare sector, at least half of which were malicious.

Meanwhile, according to a report by software company Emsisoft, ransomware attacks targeting hospitals in the US surged in 2023, affecting 46 US hospital systems across 140 hospitals. At least 32 hospital systems had their protected health data stolen.

Alan Woodward, a computer security expert at the University of Surrey in England, said that hospitals may be at risk when they “communicate with many different vendors,” making their systems more “open.”

According to this expert: "The more connections there are, the wider the scope of the attack, and therefore the more opportunities there are for criminals to infiltrate." Experts advise that it is important not to pay ransom, with some even advocating for an international ban on such payments.

Emsisoft threat analyst Brett Callow emphasized: “The advice is always to not pay because: A - you’re only encouraging criminals and B - you can’t get your data back.”

LAM DIEN