Hospitals need unified strategy vs ransomware

Healthcare was the second-most attacked sector by ransomware in the first half of 2024.

Hospitals should integrate their defenses into a single platform, analysts said, as data leaks in healthcare doubled in three years.

“Over 200 new internet-facing and cloud services are added to the healthcare sector every month,” Steven Scheurmann, regional vice president for ASEAN at Palo Alto Networks, Inc., told Healthcare Asia. “This increases the number of potential entry points for attackers.”

By reducing security risks and monitoring their systems continuously, healthcare organisations could boost their defences before threats turn into crises, he said in an emailed reply to questions.

Healthcare data leaks have doubled in three years despite a 50% increase in tracked leak sites, according to a Google Threat Intelligence Group report. Ransomware-driven disruptions have threatened the lives of patients and the broader healthcare supply chain, it added.

One example is the PHOBOS ransomware attack in February 2024 that targeted 25 Romanian hospitals and disrupted more than 100 healthcare facilities. Similarly, a Hong Kong-based hospital was thrown into disarray after a cyberattack in April 2024.

The industry was the second-most affected sector by ransomware in the first half of 2024, said Scheurmann. “A key reason for this is the sector’s rapidly evolving attack surface.”

Patients can lose confidence in hospitals due to repeated data compromises.

“This can slow down technological adoption and innovation,” Scheurmann said. “Without stronger security measures, hospitals risk operational instability and, ultimately, compromised patient care.”

Strong protection requires tested backup plans and staff training to build a security-conscious culture, said Lim Yihao, lead threat intelligence advisor for Japan and Asia-Pacific at Google Threat Intelligence Group.

“As employees are often the first line of defence against any cyber attack, awareness and understanding of tactics commonly deployed by threat actors is important,” he said in an emailed response.

Scheurmann noted that phishing and social engineering attacks continue to be amongst the most effective ways for cybercriminals to gain access to hospital networks. “Business email compromise was one of the top three most common investigations in the healthcare sector in 2024.”

These attacks manipulate trust to deceive staff into clicking on malicious links, opening compromised attachments, or revealing login credentials, he said. “Without continuous cybersecurity awareness training, even the most sophisticated defenses can be rendered ineffective.”

A “zero-trust framework,” which assumes that no user or device is inherently trustworthy, can help mitigate risks, said Seonji Lee, a consulting associate at Frost & Sullivan.

“These frameworks are becoming regulatory mandates in the United States and the European Union, with potential applicability in the Asia-Pacific in the longer term,” she said in a StreamYard interview.

Artificial intelligence (AI)-powered anomaly detection is already reducing ransomware response times, she pointed out. “Hospitals relying on cloud-based systems will need to rethink their perimeter of defence.”

However, Lim warned that hospitals should also be cautious of AI-enabled cyberattacks since they make threats faster, more scalable, and harder to detect.

For instance, AI could be used to create advanced phishing emails that could bypass traditional security filters and automate malware attacks on a large scale, he said.

“Misconfigured cloud storage and insecure application programming interfaces could become prime targets for cybercriminals,” Lim said. “Attackers could alter critical data such as allergies, prescriptions, or test results.”

Outdated software also poses a major risk, especially with the rise of connected medical devices, which can be exploited to gain unauthorised access.

“A single breach often allows threats to move laterally across the organisation to launch further attacks or to engage in theft of highly valuable healthcare data,” he added.