Cyberattacks in hospitals: a growing threat
Cyber attacks on hospitals are becoming increasingly frequent. They jeopardize patients’ access to care. As Frédéric Jallat, Professor of Marketing and Director of the “Biopharmaceutical Management” Master’s program at ESCP Business School, points out, “the healthcare sector ranked third among the areas most affected by computer attacks worldwide in the first quarter of 2023”. These figures underline the vulnerability of healthcare infrastructures to increasingly sophisticated attacks. What are the major dangers a cyber attack poses to a hospital? How can healthcare facilities prevent them?
Cyber attacks on hospitals: alarming figures
Last year, the Agence du Numérique en Santé recorded 581 IT incidents in hospitals and medical-social establishments. Almost half of these incidents were cyberattacks specifically targeting these institutions’ IT systems.
The situation is not confined to France. A case in point is the June 2024 attack on London’s main hospitals, which prevented thousands of people from being treated, particularly in emergency departments and blood transfusion services.
Attacks that disrupt hospital care
Cyberattacks can have dramatic consequences for the smooth running of a hospital. On August 22, 2023, the Corbeil-Essonnes (Essonne) hospital was severely disrupted by a cyber attack, leading to several weeks of disorganized activity, with degraded services and postponed operations. Patient care is at stake!
And this disorganization has a cost. The Dax hospital paid the price in 2021: a massive attack that prevented all communication systems from functioning cost over 2.3 million euros.
Patient data at stake
Cyber attacks on hospitals don’t just disrupt operations. They jeopardize the security of patient data. For example, in April 2024, the Simone Veil hospital in Cannes suffered an attack in which 61 gigabytes of data were exposed by a group of hackers. Sold or transferred to third parties, this information included medical records, personal data and other sensitive information.
How can hospitals protect themselves against cyber attacks?
As the threat grows, hospitals and clinics are well advised to take steps to strengthen their cybersecurity. What can you do?
Install USB decontamination stations
USB sticks are often a vector of infection. 37% of computer threats (viruses, worms, malware, Trojans, etc.) are specifically designed to infiltrate via removable media. To protect against these attacks, it is advisable to install USB decontamination stations, such as those offered by Tyrex.
Visitors and employees who use USB media can have their equipment analyzed and cleaned before connecting it to the hospital IT network.
Use state-of-the-art anti-virus software
Anti-virus software is the first line of defense against all types of malware. It is imperative to use state-of-the-art solutions, capable of detecting and neutralizing both known and emerging threats. In particular, these solutions must be able to integrate with all the software used by the hospital (online appointment scheduling software, patient data collection, medication stock management, etc.).
For added security, regular software updates should be scheduled to maintain effective protection.
Raise team awareness of cybersecurity and phishing
Team awareness is a key component of cybersecurity. In fact, human error can open doors to malicious groups. That’s why it’s important to train staff to recognize phishing attempts and adopt good IT security practices.
This significantly reduces the risk of infection and data theft. Regular training sessions and awareness campaigns can reinforce vigilance and understanding of current threats. For example, workshops including phishing simulations, where fictitious but realistic emails are sent to employees, can help them identify and report intrusion attempts.