Since 2021, health and pharmaceutical companies have come under severe cyber-attacks. Cybercrime involving health-related data is a global concern because of the steep increase in these attacks. Information security teams are therefore strengthening their processes for preventing cybercrime in healthcare. In several reports online, information security officers said that cyber-criminals are becoming more sophisticated in their attacks on healthcare systems. For example, some cyber-attacks are so serious that they hamper urgent medical care for patients in need. Health-related data is a special category of personal data. Failing to protect it could cause harm to many people. Therefore, when you process or store health-related data, you must take extra care to protect it from cyber-criminals.

Case studies

Dis-Chem cyber attack

In May 2022, Dis-Chem announced that cyber-criminals unlawfully accessed more than three million customer records in a cyber-attack. Although Dis-Chem and its operator took steps to determine the scope of the compromise, they were unable to clarify whether the cyber-criminals had published customers’ personal information.

The Yuma Regional Medical Center cyber attack

In April 2022, the Yuma Regional Medical Center in Arizona disclosed that it was struck by a ransomware attack that exposed the data of 700,000 individuals. The United States Department of Health and Human Services (HHS) said that the breach was the largest ransomware attack. According to HHS data, there have been 244 electronic data breaches of healthcare organizations from January to May 2022. The HHS reported that cyber-criminals also attacked its website, leaving 500 victims affected.

Why is healthcare data vulnerable to cyber-attacks?

Although organisations invest heavily in cybersecurity, information security officers discover new threats daily. The steep increase in healthcare data breaches globally is a clear indication of how vulnerable healthcare data is to cyber-attacks. There are many reasons for this. For example:

  • Patient medical records have a high monetary value to hackers. It’s cruel but true.
  • Medical devices are easily compromised. There are many reports of hackers taking over a medical device, preventing healthcare organisations from providing necessary life-saving treatment to patients.
  • Healthcare workers are extremely busy at work. This leaves no room for them to receive any form of awareness training about online threats to their patients’ data.
  • Devices used to share patient data are not encrypted and are susceptible to cyber criminals.
  • Although technology investments enhance cyber security on medical equipment and devices, many facilities (especially state facilities) do not have the funds.

What can the healthcare industry do about cyber-attacks?

It is a statutory duty to protect healthcare data. Protecting healthcare data is challenging because there are often multiple healthcare laws that apply. Medical records are highly confidential. So, if they fall prey to a cyber-criminal, it could have devastating consequences for a patient. Therefore, information security teams must put strict measures in place to secure patient data. For example, they could invest in more sophisticated technology to boost their cybersecurity measures.

If funding is an issue, there are simple steps the industry can take to protect patient data from harm. For example:

  • You can make healthcare workers more vigilant by implementing awareness sessions about cybercrime and cybersecurity. These do not have to be lengthy sessions. They can be as brief as 30 minutes, once a week.
  • Ensure that medical devices are encrypted and access-controlled. Restrict access to medical data to only those who need it to adequately care for a patient.
  • Follow the Access to Information Act Guidelines on making information available electronically.

Actions you can take

  • Familiarise yourself with the Cybercrimes Act by reading it in the form of a website.
  • Understand the impact of the Cybercrimes Act on your organisation by subscribing to our cybercrime programme.
  • Gain practical insights into the effects of the Cybercrimes Act on healthcare and other industries by joining the Michalsons team for a half-day Cybercrime Law Online Workshop.