Hundreds of healthcare cyber-attacks take place around the world every week, with an average of at least 200,000 patient data affected. On an annual level, the number of victims affected by cyberattacks exceeds hundreds of millions, and the damage caused by cybercriminals reaches 50 billion euros, in this regard, the conference organized recently by Hungarian Health Management Society.
Health information is particularly sensitive data, while a bank data is worth a few dollars on the black market, hundreds or even thousands of dollars are paid for patient data generated in the health sector.
A huge amount of data is generated in healthcare, and institutions collect extensive data during patient examinations. These are particularly valuable to cybercriminals because of their high value and importance, he said Tamás Palicz is a healthcare cybersecurity expert. At the same time, cyberattacks do not only mean data theft, there are so-called ransomware attacks, but there are also attacks against medical devices, when patients become targets through medical devices connected to the Internet. But DDoS attacks, i.e. attacks that paralyze services, also pose an additional threat, the expert listed. In such cases, the goal of criminals is to overload systems or websites, which can lead to shutdowns and access problems. Defending against cyber attacks is therefore a particularly acute challenge in healthcare, where data saves lives, he added.
Every third person may be at risk
Today, every third respondent expects to be hit by a successful hacker attack in the near future, which can otherwise be avoided with a better spending allocation, said Mihály Zala, Ernst & Young’s technology risk management and cyber security partner. There is nothing new under the sun, the sensible use of structured data can really move the world forward. Mihály Zala mentioned as an example that we pour data into artificial intelligence every day. Google’s search robots also work by collecting every IP address every week and organizing the information they find there. It is possible to defend against cyber attacks, the expert pointed out.
A series of crises have occurred in the past decade
In relation to the crises of the past period, he also mentioned the Danube and Tisza floods, the red mud disaster, and mass immigration Tibor Lakatos, police brigadier general, deputy director general of the Defense Administration Office at IME’s Data-Driven Health and Cybersecurity Conference. Then came the coronavirus epidemic, and the Russian-Ukrainian war broke out. The operational staff was formed in 2020 and operated for 806 days. And on February 24, 2022, the operations staff was established in order to coordinate the tasks of the Ministry of the Interior related to the war, said the police brigadier general. In the future, according to a government decision, a new one will be created crisis management organizational system.
A cyber attack has been launched
In order to ensure the cyber security of the healthcare sector, there was a so-called HunEX exercise last year, which took place online and analyzed the cyber attack based on 56 evaluation criteria, he said. Zoltán Aradi, ethical hacker of the National Cyber Defense Institute. The exercise went well and received positive feedback, he added.
Cyber defense exercises organized for the healthcare sector were of great interest. Altogether 27 health institutions
joined HunEx – listed the expert. At the events, more than 160 professionals had to solve and communicate 14 technical and five non-technical tasks, and the participants exchanged more than a thousand electronic letters.
Last year’s frame story was that the healthcare sector was hit by a ransomware attack and the hackers demanded a ransom of three million euros. A huge panic broke out. After the attack, the infected device and a server were isolated and the participating competitors had to decrypt it.
The aim of the action was to assess the capabilities in the event of a possible ransomware attack, as well as to reveal the shortcomings.
Many people in healthcare institutions have also tried phishing. For example, the password used to log in was shared with the hackers, the ethical hacker said.
Among the positives, he mentioned that during the test, 99 percent of colleagues reported to their own institution that they had given out their password to a stranger.
A series of decisions is influenced by a laboratory data
Our joint responsibility is for data security and for health industry companies to prepare for the requirements of NIS2, i.e. the application of the EU cyber security directive. Most of the health data is generated in diagnostics, that’s all Szabolcs Németh, project manager of Roche Magyarország Kft., spoke.
In laboratory medicine
- the data is 94 percent objective data;
- 60-70 percent is data influencing clinical decisions;
- and 37 percent are medical guidelines.
Through data theft and phishing, personal and especially confidential information can fall into unauthorized hands, which can have serious consequences for both patients and healthcare institutions, said the Hungarian Health Management Society data-driven healthcare and cyber security conference.
Hopes and fears
The use of artificial intelligence (AI) in healthcare raises both hopes and fears. Patients often have a negative opinion about the use of artificial intelligence: many expect faster and more accurate analyzes from it, but at the same time they worry that we rely too much on machines. Many people support the use of health data for research purposes, but there are also common concerns about data management: patients do not want to offer their data widely.
Data is treasure
Today, our health and even our lives largely depend on our own and other people’s health data, their processing and analysis. In data-driven healthcare, we rely on the data generated during care and their analysis, with the aim that healthcare workers, doctors and patients themselves better understand the given state of health, the details and connections of diseases, in order to provide faster, more efficient and be able to develop more personalized treatments. In data-driven healthcare, it becomes possible for healthcare decision-makers and doctors to make more accurate diagnoses, predict health risks, and develop a more targeted treatment plan for patients.
Data-driven healthcare includes the automated analysis of data and the application of technologies based on algorithms, thus helping to increase the efficiency of healthcare systems and better distribution of resources, it was said at the conference.
