Intelligent Health.tech Issue 21 | Page 57

SECURITY

HACKED HEALTHCARE: NEW KNOWBE4 REPORT SHINES A SPOTLIGHT ON CYBERSECURITY CRISIS IN SECTOR

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, released its International Healthcare Report. The report takes a closer look at the cybersecurity crisis currently experienced by the healthcare sector, in particular hospital groups, across the world.

The healthcare sector in the UK is under constant attack. In 2020, 81% of UK healthcare organisations detected attempted ransomware attacks. A 2021 survey amongst local cybersecurity managers in the healthcare sector found that 44% of healthcare organisations refused to pay a ransom demand, with the catastrophic consequence of losing their healthcare data. In 2022, cyberattacks in the public sector rose another 77%.

Hospitals have become increasingly attractive targets for ransomware attacks due to their comprehensive patient databases, sensitive information and the interconnectedness of their systems and equipment. Moreover, poor security measures have made hospitals vulnerable to cyber threats. When a hospital is attacked, cybercriminals can potentially take control of entire hospital systems and gain access not only to patients’ health information but also to their financial and insurance data.

Hospitals are severely impacted by cyberattacks, which can lead to a reduction in patient care, loss of access to electronic systems and a reliance on incomplete paper records. This can also result in the cancellation of surgeries, tests and appointments and, in some cases, even loss of life.

Some shocking facts discussed in the report include:

• In the first three quarters of 2023, the global healthcare sector experienced a staggering 1,613 cyberattacks per week, nearly four times the global average, and a significant increase from the same period the previous year.
• The healthcare sector has seen a dramatic surge in cyberattack costs over the past three years, with the average cost of a breach reaching nearly US$11 million, more than three times the global average. This makes healthcare the costliest sector for cyberattacks.
• Ransomware attacks have been the most prevalent type of cyberattack on healthcare organisations, accounting for over 70% of successful attacks in the past two years.
• The majority of cyberattacks (between 79% and 91%), across sectors, begin with phishing or social engineering tactics, which allow cybercriminals to gain access to accounts or servers.
• According to KnowBe4’s 2024 Phishing by Industry Benchmarking Report, healthcare and pharmaceutical organisations are among the most vulnerable to phishing attacks, with employees in large organisations in the sector having a 51.4% likelihood of falling victim to a phishing email. This means that cybercriminals have a better than 50/50 chance of successfully phishing an employee in the sector.

“The healthcare sector remains a prime target for cybercriminals looking to capitalise on the life-or-death situations hospitals face,” says Stu Sjouwerman, CEO of KnowBe4.

“With patient data and critical systems held hostage, many hospitals feel like they are left with no choice but to pay exorbitant ransoms. This vicious cycle can be broken by prioritising comprehensive security awareness training to empower employees and cultivate a positive security culture as a strong defence against phishing and social engineering attacks.”