Every time a citizen goes to a hospital for a diagnostic test, there is a chance that their most sensitive medical data will end up in the hands of a cyber hacker. The risk is that they could come from there through illegal activities at the hands of people who can decide a job or insurance.
Today, the number of incidents in Spain is over 600 a day, according to official 2020 data provided by INCIBE, the National Cryptological Center and the Joint Cyber Defense Command. Of these, an estimated 41% (246) occur in hospitals, according to the study conducted by Beazley Breach Insights . In addition, this percentage is thought to have increased notably due to the pandemic: 150% since March 11, 2020.
This problem, far from having reached the peak of the crime curve, may continue to grow in the coming years due to the evolution of medicine. For example, in Spain and during the next two years, an update of the hospital technology park will be undertaken due to its obsolescence.
By 2025, 68% of medical equipment will work connected to the Internet
While it is true that they will arrive with new defense weapons against cyberattacks, it is also true that these devices live connected to the internet. In 2019 there were around 500,000 medical devices, of which 48% were connected. In 2025, this percentage is estimated to reach 68%.
In addition to the sensitivity of the data that can be stolen, the economic component of recovering from a cyber attack is not trivial either. The Beazley Breach Insights study puts the costs of these attacks at 6.5 million.
“We have to be concerned but not alarmed. Cybersecurity is a priority for our authorities, regulators and governing bodies. Spain is a very mature country according to the different existing international studies. As an example, according to a study carried out in 2020 by the Union International Telecommunications (ITU), a specialized agency in telecommunications of the United Nations (UN), Spain is ranked number 4. Our health system has reference policies, processes and technologies for the mitigation of existing risks. Javier Pérez, director of Cybersecurity at Fujitsu in Spain.
The problem with hospitals is that they are not centers that have historically been at the forefront in aspects such as cybersecurity. This handicap, together with the huge amount of human trafficking they have, makes them one of the most chosen targets by cybercriminals.
A month ago, the problem was the center of debate in the private health employer, IDIS. The general secretary and general director of this organization, Ángel de Benito and Marta Villanueva, acknowledged that data is “the great treasure of organizations” and that they are increasingly exposed to security attacks. Hence the importance of taking the necessary precautions to avoid cyberattacks or computer intrusions that put the data and privacy of a sector as sensitive as the health sector at risk.
During the debate that brought together various experts, it became clear that the pandemic and the new ways of working have forced us to immediately adopt new challenges that we need to face in terms of security.
José Ignacio Giménez Martínez, head of Accenture’s Iberia Health Cybersecurity, explained that the classification and protection of employee or patient data is essential to implement the appropriate custody measures and prevent information leaks, as well as having the capabilities of adequate security to identify and detect threats in time.