Computer attacks against hospitals and scientific centers seek to steal medical data from citizens and research data
Despite not being the majority, this trend is especially sensitive due to the impact it can have on the privacy and health of patients
At the end of September 2020, a computer attack brought down the systems of UKD, the main hospital in Düsseldorf, Germany. The ruling forced the shutdown of emergencies and diverting ambulances, a delay that could have led to the death of a 78-year-old woman. In Spain, attacks against hospitals and centers scientific investigation they are a residual part, but no less sensitive for that.
This 2021, the National Cybersecurity Institute (INCIBE) has helped in the management of 110,000 IT incidents, of which only 110 (0.1% of cases) are related to the health field. “Most of the cases detected are hoaxes about the pandemic and scams related to the sale of masks or products against covid-19”, He says Marcos Gomez, deputy director of services of this public entity. As this newspaper reported, last March, a year after the emergence of the pandemic, the Spanish police had intervened in 45 attempts to robo from health data or scientific information from research centers.
However, there are those who point out that the coronavirus crisis has exacerbated cyber-attacks against Health centers. A report published this August by Fujitsu Spain indicated that they have shot up 150%, which could be due to the fact that more and more hospital devices are connected to the network. The opacity of these attacks makes it difficult to know their real impact.
Hunting for medical data
Hospitals have become a very delicate target, as the stoppage of their services puts lives on the line. Criminals exploit this emergency situation to demand the quick payment of a greater amount of money. On September 3, 2020, the Moisès Broggi Hospital of Sant Joan Despí was the victim of a kidnapping of the type ‘ransomware‘which did not expose data, but did paralyze some services. The center did not give in to blackmail. On December 17, a similar attack left up to 200 patients at the most important hospital in Asturias without radiotherapy.
Although it did not occur in these two cases, the theft of patients’ health data is something that is both highly valued and sensitive. “At black market they are worth a lot of money, so it is easy to profit from their theft, “he explains Samuel Parra, lawyer specialized in technological law. “But if criminals manage to penetrate a hospital system, people’s lives can be at very serious risk.”
Behind the theft of clinical data are organized groups of cybercriminals that they can use them to make money with their sale, to extort money from their victims or to impersonate their identity. Also, explains Parra, both data brokers and insurance companies use them to create profiles of citizens. In the European Union (EU) these data are specially protected, but in U.S they can end up being used by an insurer to deny coverage to someone when they know what ailment they suffer from.
Sources from the State Security Forces explained to this newspaper that the medical data of patients can also arouse the military interest of countries that use them to “study or theorize biological attacks or the destabilization of health services in a war scenario ”.
In Spain that threat seems to be contained. “Spanish hospitals have reinforced their security to protect medical data (…) but we cannot lower our guard,” says Gómez. A study conducted by the HIM-HER-IT this June places Spain as the fourth international power in cybersecurity.
Still, that phenomenon is growing in other countries. A global report by the British insurer Beazley from February 2019 indicated that the health sector was the sector hardest hit by cybercriminals, accounting for up to 41% of computer attacks.
This year the US has registered up to 578 security breaches that have exposed the computer data of more than 40 million citizens. And those are just the big cases made public. The attacks have grown in parallel with the digitization medical services and the arrival of the pandemic, thus accentuating its threat. Some studies already show that more people also die in hospitals with the most data theft.