It is clear that technology has a key role to play in improving patient care, but the rise of connected devices and smart solutions for managing healthcare environments also brings with it a number of cybersecurity risks. Since the start of the pandemic, cybercriminals looking for financial gain have focused their attacks on hospitals, clinics, research facilities and pharmaceuticals. These are critical infrastructures that handle a large amount of sensitive information and any security breach or attack has a major impact on the provision of healthcare.
This impact has been seen in the recent ransomware attack on the Hospital Clínic in Barcelona, which paralyzed its emergency and surgery services. It was also evident in the cyber-attacks on Keralty, the company that owns EPS Sanitas in Colombia and manages 48 medical centers, or on the U.S.-based CommonSpirit, which operates in 140 hospitals nationwide. These are just some of the numerous examples that corroborate the fact that healthcare is the third most attacked sector, after education and government, and the one that accounts for the greatest increase in cyberattacks in 2022.
What could make an attack more likely?
For over a decade, the healthcare industry has continued to suffer the highest financial implications from security breaches, with an average of $10.10 million per incident, according to IBM's Cost of a Data Breach Report.
Sofistic detects 5 security breaches in open-source healthcare management software and it is used by 100,000 centers worldwide
Cuatroochenta's cybersecurity division discovered five flaws in OpenEMR, an open-source medical management system used in healthcare centers in more than 100 countries to serve 200 million patients. This is the result of an ethical hacking research exercise to detect and report vulnerabilities before they are exploited by cybercrime. The breaches were reported to the manufacturer for resolution and were also published in the official vulnerability logs. .