Cyberattacks against health structures are becoming more frequent
One third of the participants in the survey (36%) had a breach in their information systems
Nearly half of the medical institutions in our country, which participated in a survey of the Bulgarian IT company Mnemonica and the Digital Health and Innovation Cluster Bulgaria, were subjected to cyber attacks (48%). One third of the respondents (36%) had a breach in the information systems. This is shown by the results of the survey, conducted in the period from 15.04 2021 to 28.05.2021. Directors of medical institutions, heads of departments and IT specialists participated.
Respondents cited phishing schemes, email attacks and malware as the most common threats. 72% of them do not have policies and procedures for responding to cyberattacks, and 80% admit that regular training of those responsible for information security is not carried out in order to increase the level of protection.
The information was presented during the forum “Cybersecurity in healthcare or how to build digital trust”. Participants agreed that one of the most important actions to be taken is to train teams on cyber threats and ensuring security.
“The most effective protection is the adaptive one. 70% of the time of cybercriminals is spent on social engineering “, said Vihren Slavchev, CEO of Mnemonica and one of the speakers at the forum. “It takes an average of 200 days to detect a digital security breach. In comparison, it only takes 45 minutes for a malicious code, once it has entered the system, to start causing damage. He cited data showing that more than 13 billion malicious emails have been blocked in the past year, and more than 2 million urls are created each month to retrieve personal information.
For Radoy Pavlov, a corporate architect and strategist at the University Hospital in Zurich, among the challenges facing IT professionals are not only the theft and deletion of personal data, but also the danger of blocking a healthcare facility. He said that among the priorities in his work for one of the 10 most digitalized hospitals in the world is how to achieve maximum protection in IoMT (Internet of Medical Things), so as not to compromise the treatment provided. Pavlov also stressed that technology is accelerating the process of digitalization, but along with the benefits, it is also accelerating the pace of development of cybercrime.
According to Dr. Radoslav Mangaldzhiev, head of the Department of Medical Oncology, SBALOZ – Sofia, it is very difficult to appropriately respond to attacks in the digital environment. This requires significant resources, as well as the involvement of resources and specialists. And while in our country doctors can take out the folders with paper documentation for each patient and continue their work, in more digital hospitals this is practically impossible. Dr. Mangaldjiev’s concerns can be answered by cybersecurity as a service (SOC).
During the forum, Vihren Slavchev cited all three of the most growing concerns of leaders in large organizations, which are:
- concerns about the consequences of a cyber incident and what could happen to the leaked information;
- insufficient user training;
- the complexity of protection in relation to malicious schemes – the more complex a system – the harder it is to work with.
It became clear during the forum that it is being discussed in the EU to criminalize ransom payment after a cyberattack has occurred.
Some of the media coverage is below: