India Had 2nd Highest Number Of Cyber Attacks In The World In 2021



The exponential growth of the global healthcare IT market brought about due to the outbreak of the 2020 global pandemic is a contributing factor to the significant rise in cyberattacks targeting the sector. Safeguarding the medical and financial information of patients emerged as a new challenge for healthcare companies.

If anything at all — in the past two years — the healthcare sector has radically transformed owing to the global pandemic and so has data storage and processes in the industry. The global healthcare industry was valued at $359.2 billion in 2021 and is expected to reach $665.37 billion by 2028, according to Verified Market Research — a global research and consulting firm.

However, this exponential growth is also a contributing factor to the significant rise in cyberattacks targeting the sector. Safeguarding the medical and financial information of patients emerged as a new challenge for healthcare companies.

India ranked second in cyber attacks on healthcare systems of all countries in 2021, according to a report released by CloudSEK, an artificial intelligence company that deals in cyber threats. India accounted for 7.7 percent of the total cyber attacks on healthcare systems last year.

The United States recorded the highest number of cyber attacks and breaches in 2021 — at 28 percent — due to heavy digitisation of the health sector, and huge investments and growth opportunities in the industry that makes it a lucrative area to target.

France ranked third in the world for the number of attacks on the healthcare industry, accounting for seven percent of all attacks. According to the report, the number of cyberattacks against the industry has increased by 95.34 percent in the first four months of 2022 as compared to the number of cyberattacks in 2021.

Why are cyberattacks the biggest concern for healthcare?

Medical industry has a plethora of patient records containing personal and sensitive information such as name, address, contact details, social security number, and financial information. This confidential data can be sold easily for a huge sum of money.

Confidential patient data needs to be available to multiple medical professionals, on-site and remote for proper examination. Especially after the pandemic, remote access to data has become an important element of the healthcare industry. In such a time-sensitive environment, data is shared instantly without consideration for the security of the devices on which it is shared.

“With increasing advancements in technology, the number of medical devices in healthcare institutions has risen rapidly. With the primary focus of such devices being healthcare, more often than not they aren’t equipped with proper security algorithms. Although most of these devices don’t store patient information, they can be leveraged by attackers to access the network of servers these devices are connected to, which store valuable information,” said Rahul Sasi, Founder and CEO, CloudSEK.

More data means more phishing

Phishing is the most common cyber threat in healthcare, where malicious links are embedded in an otherwise innocent email. Several phishing campaigns were uncovered during the global pandemic, in which attackers posed as the WHO (World Health Organization) and sent malicious links to people claiming to be the most recently issued safety guidelines.

“Given the scale and significance of the healthcare industry, it is vital for institutions, employees, and healthcare professionals to ensure that the data they gather and store is not leaked or exploited by cybercriminals,” said Sasi.

Ransomware attacks, DDoS (Distributed Denial of Service) attacks, Insider Threats, Critical Infrastructure & Medjacking, etc, are other immediate challenges to the healthcare sector.

Securing the right to healthcare

According to the report, vaccination records is amongst the most targeted data types followed by personal information of health workers and patients which includes name, address, email, contact number and gender of the patient.

A threat actor published a post on a cybercrime forum advertising the records of 150 million Indians who have received the COVID-19 vaccination and selling them for USD 800. On 27 May 2021, another threat actor advertised a database containing 150 million records of vaccinated Indian citizens over a private Telegram channel. This database was being sold for USD 1,000.

Sasi said government agencies involved in the healthcare industry should abide by HIPAA’s (Health Insurance Portability and Accountability Act) compliance requirements, create awareness among users regarding cyber-attacks, online scams, and phishing campaigns, set up policies for secure passwords and enable multi-factor authentication (MFA).

Organisations should frequently update and patch networks, systems, and software and keep several backups, both online and offline, in different and secure places, he added.

According to the report, the COVID-19 pandemic forced the healthcare industry to adopt various new technologies which they weren’t fully equipped to handle. The transition wasn’t smooth and left multiple gaps in cybersecurity for the attackers to exploit.


Source link