Why Have Attacks on Healthcare Organizations Increased?

A news article produced by the newspaper O Estado de São Paulo and replicated by the G1 website has pointed out that approximately 243 million Brazilians had their data exposed on the Internet due to failures by the Ministry of Health. These numbers include people who have already died. 

In practice, anyone registered with the Unified Health System (SUS) or a health plan had data such as individual taxpayer number, full name, address, and telephone number exposed.

In the previous week, 16 million people who had coronavirus had been victims of another leak caused by the same flaw: exposure of login and password that give access to the Ministry of Health’s system.

Also, a study performed by Apura Cybersecurity Intelligence has shown that there are 920,866 suspicious websites with the term “coronavirus”.

By reading this article, you will understand what has driven the recent increase in attacks against healthcare organizations. To facilitate your understanding, we have divided our text into topics that explain the reasons:

1. More Workers Working Remotely 
2. Low Investment in Cybersecurity
3. Lack of Specific Cybersecurity Professionals
4. Low Awareness 

Read it until the end!

1. More Workers Working Remotely 

Again, we quote a story from G1: according to this report, there were twice as many cyberattacks against hospital and pharmaceutical organizations in 2020 than in the previous year.

That’s because this sector represented 3% of detected digital threats in 2019. In 2020, that number rose to 6.6%. But what has changed from one year to the next? 

In fact, with the Covid-19 pandemic, many professionals have had to adhere to remote work. As a result, they began to access corporate devices from less secure environments, making IT systems more vulnerable. 

2. Low Investment in Cybersecurity

Not all healthcare organizations invest as much as they should in cybersecurity. Often, companies do not even have a department dedicated to this area, ignoring fundamental items, such as:

• Cybersecurity Policies;
• Disaster Recovery Plan;
• Controls for compliance with data protection laws and regulations such as HIPAA.

This lack of investment and old operating systems explain why cybercriminals were already finding loopholes to attack the healthcare industry even before the pandemic. 

To give you an idea, the healthcare industry is one of the main targets of ransomware attacks, along with industries, banking institutions, and government agencies.

3. Lack of Specific Cybersecurity Professionals

We know that having professionals specialized in cybersecurity is essential today. However, these experts are scarce in the job market. It is no wonder this sector has an unemployment rate of 0% and jobs that require knowledge in cybersecurity take an average of 79 days to be filled, surpassing other IT areas.

Data from 2020 indicate that, in order to have an adequate number of professionals with this knowledge in Brazil, we would have to get a 52% increase in the number of employees, from 331,770 to 636,650.

4. Low Awareness 

In addition to everything we have already shown in this article, there is a problem that affects not only the healthcare area, but countless others: low cybersecurity awareness. This means organizations also do not invest in training their employees to deal with cyber threats.

And nowadays, it is extremely important to make teams aware of the risks they assume when accessing IT systems, in addition to promoting training that makes it possible to detect and combat these threats.

These trainings must be performed periodically. That’s because technology constantly evolves, offering increasingly efficient resources to malicious users too. Thus, cybersecurity care must follow this evolution.

By reading this article, you understood the main reasons for the increase in cyberattacks against healthcare organizations. Did you like our content? Share it with someone who may also be interested in the topic.