Cyberattacks against hospitals, a threat exacerbated by the pandemic

This 2021, the National Cybersecurity Institute (INCIBE) has helped in the management of 110,000 computer incidents, of which only 110 (0.1% of cases) are related to the health field. “Most of the cases detected are hoaxes about the pandemic and scams related to the sale of masks or products against covid-19 ”, points out Marcos Gómez, deputy director of services of this public entity. As this newspaper reported, last March, a year after the outbreak of the pandemic, the Spanish police had intervened in 45 attempts to steal health data or scientific information from research centers.

However, there are those who point out that the coronavirus crisis has exacerbated cyber-attacks against health centers. A report published this August by Fujitsu Spain indicated that they have shot up 150%, which could be due to the fact that more and more hospital devices are connected to the network. The opacity of these attacks makes it difficult to know their real impact.

Hunting for medical data

Hospitals have become a very delicate target, because the stoppage of their services puts lives in juice. Criminals exploit this emergency situation to demand the quick payment of a greater amount of money. On September 3, 2020, the Moisès Broggi Hospital of Sant Joan Despí was the victim of a kidnapping of the type 'ransomware'which did not expose data, but did paralyze some services. The center did not give in to blackmail. On December 17, a similar attack left without radiotherapy to up to 200 patients in the largest hospital in Asturias.

Although in these two cases it did not occur, the theft of health data from patients is something as prized as it is sensitive. "On the black market they are worth a lot of money, so it is easy to make a profit from their theft," explains Samuel Parra, a lawyer specializing in technology law. "But if criminals manage to penetrate a hospital system, people's lives can be at very serious risk."

Behind the theft of clinical data are organized groups of cybercriminals who can use them to cash in on their sale, to extort money from their victims or to impersonate their identity. Likewise, explains Parra, they are used by both data brokers and insurance companies that use them to create citizen profiles. In the European Union (EU) these data are specially protected, but in U.S they can end up being used by an insurer to deny coverage to someone when they know what ailment they suffer from.

Sources from the State Security Forces explained to this newspaper that the medical data of patients can also arouse the military interest of countries that use them to “study or theorize biological attacks or the destabilization of health services in a war scenario ”.

Global threat

In Spain that threat seems to be contained. “Spanish hospitals have reinforced their security to protect medical data (…) but we can't let our guard down”, Says Gómez. A study conducted by the UN This June, Spain ranks as the fourth international power in cybersecurity.

Still, that phenomenon is growing in other countries. A global report from the British insurer Beazley from February 2019 indicated that the toilet was the sector hardest hit by cybercriminals, as it concentrated up to 41% of computer attacks.

This year the US has registered up to 578 security breaches that have exposed the computer data of more than 40 million citizens. And those are just the big cases made public. The attacks have grown in parallel with the digitization of medical services and the arrival of the pandemic, thus accentuating its threat. Some studies already show that in hospitals where data theft occurs more, more people also die.