Healthcare organisations experience 105% increase in IoT attacks in last year

A new study from Obrela Security Industries into the state of healthcare cybersecurity has revealed that the industry is under increased pressure from a significant rise in cyberattacks, with 83% experiencing an increase in attacks since the beginning of the pandemic.  

The study looked at Obrela’s healthcare attack data over the last year to understand the threat landscape and how things have evolved since the beginning of the pandemic. It also studied the attitudes of security managers within 100 UK healthcare organisations to hear about the attacks they are facing and where they are being most challenged.

The threat data highlighted a 105% increase in attacks targeting medical IoT devices when comparing attack activity from Q3 2021 to Q3 2020. When looking at more recent attack data, healthcare organisations saw a 30% increase in attacks targeting their IT infrastructure in Q3 2021 versus Q2 2021. At the same time, there was also a 36% increase in email attacks on healthcare organisations during the same period, which could be linked to a rise in ransomware infections. Additionally, there was a 24% increase in insider attacks on healthcare organisations when comparing Q3 2021 to Q2 2021 attack data.

Commenting on the results, George Patsis, CEO of Obrela Security Industries, said: “Our data shows that almost all attack vectors are increasing within healthcare organisations and that the risks posed by cyberattacks have grown significantly over the last year. The most alarming findings are around medical IoT devices, which have experienced a 105% increase in attacks last year. Medical IoT devices are routinely being brought into the healthcare environment to automate processes. However, security is often an after-thought or not a high priority. Attackers exploit this loophole, and healthcare organisations need to act now before any serious damage is caused.”

When looking at the survey data from the study, 28% of UK healthcare organisations admitted to not being compliant with the European General Data Protection Regulation. Healthcare organisations also revealed that 83% had experienced an increase in cyberattacks since the beginning of the pandemic, which has led to 80% receiving an increased security budget. However, 15% revealed that their security budgets have stayed the same despite the increase in attacks. When asked what makes UK healthcare organisations most vulnerable to cyberattacks, 50% said a lack of resources, 33% believe it is a lack of budget, 14% said a lack of skills.

“Healthcare organisations hold some of the world’s most sensitive data, and our study shows many are completely unprepared for cyberattacks. Threat actors target valuable confidential data, making healthcare a growing target, and ransomware is steadily picking up pace as today’s cyber-weapon of choice. However, most organisations will not be able to identify a data leakage or a security compromise before it is too late. When protecting against cyberattacks and ransomware, healthcare executives need to realise that preventing all attacks is nearly impossible.

Organisations must reassess their security towards operational resilience and their ability to deliver their intended outcome against adverse cyber events. Rather than buying the latest security technology, we need to understand that cybersecurity is not a product; it is a process. Therefore, we need to increase the visibility of the digital cyberspace, control access, identify malicious activity and respond to security threats and vulnerabilities before they become problems,” continued Patsis.