Estimated at €2.7 billion in 2014, the French e-health market could reach a value of €4 billion next year. Shared medical records, surgical robots, teleconsultations and online doctors are all illustrations of what the technological revolution is providing the sector. However, in order to effectively operate, connected health must process a constantly changing volume of data, which unfortunately only slows the spread of e-health. Because e-health data contains sensitive, personal and confidential information, hackers become interested and the data is therefore exposed to certain risks. In 2017, 41% of all computer attacks concerned the health sector. Today the risk is higher than ever, as there are more computer workstations than staff in a hospital.
By Julien Tarnowski, Regional Director France at ForeScout.
Remarkable progress is being made not only in the field of medicine but also in the innovation of medical devices. These technological developments have played a key role in the evolution of health. However, when health and technology become one, cyber risks emerge. Indeed, like any other connected device, medical device sensors and other software components are susceptible to being compromised by malicious and ingenious hackers.
“When health and technology become one, cyber risks emerge.”
Through ransomware, hackers infiltrate, for example, a virus into an attachment or a malicious link in an email, and then proceed to a ransom request. Remember the May 2017 episode with WannaCry. The virus affected nearly 50 English hospitals in the National Health Service, causing 19,000 appointments to be canceled. The damage caused by this attack cost the British institution nearly £100 million (€115 million).
The global market for connected health devices worldwide is expected to reach €161 million. In response to this growing phenomenon, improvements in medical device classification, protocol analysis and packet inspection will increasingly lead to changes in the network architecture of healthcare facilities’ IT environments.
E-health’s growing data vulnerabilities will once again motivate hackers this year to redouble their efforts by implementing attacks and exploiting data in much more creative ways. Unless action is taken by all stakeholders, attacks on the networks of health-related organizations will continue to put millions of people at risk. In addition, ransomware attacks will remain a threat which could provide unauthorized access to millions of personal medical records. Beyond the direct threats of hackers, human error remains a threat to the security of electronic health records, as do persistent major security breaches in the IT environments of healthcare institutions, laboratories, institutes, etc.
“Ransomware attacks will remain a threat which could provide unauthorized access to millions of personal medical records.”
Considering these various risks, health institutions must not be fooled by hackers. In the case of a ransomware attack, paying the ransom will not help because hackers are only interested in getting into the computer system, stealing the data and then selling it on the black market. Once computerized, health data—like all data—is exposed to the risk of piracy. Since it is difficult for a company to go against technology and its evolutions, prevention against cyber-risk is essential. However, it must be applied to different layers (protection of networks, infrastructure, connections, connected devices, workstations, etc.) and combined with education and respect for a set of good practices in order to build barriers that will prevent hackers from achieving their goals.