Cybercriminals operate without discrimination, targeting banks, governments, and businesses alike, solely driven by their coding prowess to acquire financial gain. However, one of the least expected sectors to be affected by this issue is not entirely safe from it: the health sector.
The ramifications of a cyberattack on the healthcare sector are dire. Patients’ safety hangs in the balance when healthcare services and vital medical devices fall prey to these attacks. Compromising a hospital's systems can impede access to patient records, obstruct medication administration and disrupt diagnostic tests.
Unlike cyberattacks on the financial sector, where the primary concern revolves around monetary losses, attacks on hospitals can have far-reaching consequences, jeopardizing the well-being of countless individuals. Additionally, data breaches can expose private information to unauthorized parties, eroding trust in healthcare services. Though seemingly inconsequential, this breach of trust can impact patients' willingness to openly communicate about private health matters, potentially leading to misdiagnosis.
Among the common cyberattacks deployed against healthcare systems, ransomware stands out as a particularly insidious threat. Dr. Diana Vallejo, a specialist in Pneumology, fell victim to a ransomware attack during Mexico's second wave of COVID-19. By innocently opening a message on WhatsApp, her phone was hacked and the attacker demanded MX$300,000 (US$17,138) to prevent the exposure of her patients' private information.
"In the hospital, my colleagues informed me that such viruses were prevalent and connected me with a cybersecurity expert. Frankly, I had little knowledge about cybersecurity before then," recounts Vallejo. Unfortunately, her experience highlights the lack of information and awareness surrounding cybersecurity in Mexico. In fact, research carried out by CheckPoint reveals an estimated 71% increase in cyberattacks targeting the healthcare sector inside US in 2021, with around 830 attacks occurring weekly.
On the other hand, the Mexican Social Security Institute (IMSS) did invest US$442 million in 14 Mexican states to improve hospitals and health units, as reported by MBN. But such investments did not include cybersecurity measure and services, instead they were allocated to refurbish hospitals (including floors, bathrooms, electrical and sanitary installations, among others) and buy new healthcare tools, such as hospital beds, ventilators, radiotherapy units and others.
Jefferson Gutiérrez, Cybersecurity Expert, KPMG Mexico, explains: "Statistics around cyberattacks do not exist in Mexico simply because it is not mandatory to report them. Therefore, it is crucial for the country to enact a much-needed Cybersecurity Federal Law."
As cyber threats continue to evolve, proactive efforts, adaptability and a robust cybersecurity culture within the health sector are paramount to mitigate the disastrous consequences of breaches. It is important to remember that, unlike other security and system breaches, healthcare cyberattacks pose a matter of life and death that demands immediate attention and proactive measures.