PremiumIn July 2018, Singapore’s largest healthcare service providers, SingHealth, reported a major data breach involving personal data like user names, addresses and dates of birth of over 1.5 million users who were admitted at their various facilities between May 2015 and July 2018. The data even included details of the country’s Prime Minister, Lee Hsien Loong. SingHealth wasn’t the only medical facility that was targeted. Attacks on Healthcare were among the highest in 2017-2018. WannaCry ransomware alone crippled several medical facilities across the world. A May 2018 report by cybersecurity firm Cyclance, claims that healthcare sector accounted for 34% of all ransomware attacks in 2017.
A year down the line, the attacks on healthcare sector have reduced significantly. According to a new Kaspersky report, in 2019, attacks on medical devices, which include everything from servers, computers, smartphones, tablets, IoT devices, and connected hospital machines have gone down by almost one third since 2018. It notes that in 2017 and 2018, around 30% and 28% of hospital devices were infected, while in 2019 only 19% of medical devices were.
Though attacks on medical facilities have declined worldwide, in many of the countries in the APAC region such as Venezuela (77%), Philippines (76%), Libya (75), and Argentina (73%), Bangladesh (58%), Thailand (44%) the number of reported threats are still very high.
“In as much as we want to believe that everybody was awakened by the damage brought about by the Wannacry attack, the reality is that some countries are still lagging behind securing their medical devices," Yury Namestnikov, head of Global Research and Analysis Team (Russia) at Kaspersky, said in an official press statement.
Kaspersky calculated these figures by dividing the number of devices used by healthcare service providers in the countries with Kaspersky solutions by the number of devices where malicious codes were detected.
Namestnikov further points out, that the propensity of attack depends on how much the government is spending on cybersecurity in the public health sector. Also, the awareness among people inside medical facilities towards cybersecurity is still quite low. Even in countries like US and Canada, the awareness levels are still very low. According to another Kaspersky survey of healthcare facilities in the two countries, 32% of the participants said that they didn’t get any cybersecurity training from their employers. About 1 in 10 senior management level employees admitted that they had no clue about their organisations’ cybersecurity policy.
The report identifies, outdated Microsoft Office accounts as the biggest culprit accounting for 59% of attacks in 2019, followed by Eternal Blue (32%), a security vulnerability in Microsoft’s Windows operating system.
