What to Do Against Cyber Attacks on Hospitals?

It was a shock for hospital staff and patients: During a hacker attack on Esslingen Hospital, the imaging examination procedures could only be used to a limited extent, and administrative data was also deleted by the attackers.

The incident shows how vulnerable hospitals are. Moreover, they are attractive targets because they are particularly dependent on functioning equipment. Therefore, the solution must not consist of isolating the facilities, as this would compromise their functionality.

Reasons for cyberattacks on hospitals and clinics

As with attacks on companies, a cyberattack on a hospital is often aimed at unauthorized access to data. Since a lot of information is stored in a medical facility, hackers often see it as an attractive target. Other reasons include monetary interests, which are usually enforced through ransom demands, or building a reputation in the hacker scene. Groups that attack hospitals and clinics in order to disturb the public peace and spread fear are particularly treacherous. These are usually well-organized groups that act very strategically.

Targeting hospitals and clinic

Access to the networks of hospitals and clinics occurs wherever there are interfaces to other systems. The storage of patient data in clouds or online databases poses a particular risk, as the facility has no influence on the protective measures. It is particularly precarious in this context that speech recognition software, which is mentioned as a measure for digitalization in the Hospital Future Act, is only available on a cloud basis. In addition, employees often gain access to the systems unintentionally, for example by opening a suspected patient email. Access can also occur during device maintenance by a service technician, as a terminal device must be connected for this.

Preventive measures to ward off cyber criminals

Experts fear that hackers have only just started to view hospitals and clinics as lucrative targets and that attacks will therefore increase. Comprehensive prevention measures at a technical and organizational level are therefore essential.

One effective method at a technical level is to encrypt the data to prevent hackers from accessing unencrypted data. This applies in particular to sensitive information transmitted between the hospital information system and the database and to all interface communications. However, the security of the encryption must be guaranteed to prevent unauthorized access to the key. An alternative could be to isolate the system from the public network, but this is costly in practice and can significantly affect the workflow, especially when using cloud applications. Therefore, the consideration of using and testing Secure Access Service Edge (SASE) solutions should also be taken into account.

From an organizational point of view, it is crucial to first identify the core applications that must be considered business-critical. Clear escalation measures should be defined for these applications in order to be able to react appropriately in the event of an incident. It is also important to carry out regular security checks, ideally in the form of external audits, in order to determine the threat situation on an ongoing basis. Another important aspect is security training, which helps to ensure that employees are made aware of potential risks and familiarize themselves with the various types of attacks. These measures are extremely important and play a key role in protecting against attacks. They should be carried out continuously and never be neglected.

Frank Becker

is Managing Director of Becker Project Consulting.