If a hospital is attacked by hackers in Germany, there is a high probability that Jasper Bongertz’ cell phone will ring a few hours later. This has happened half a dozen times in the past 24 months. And the intervals between calls are getting shorter. “Attacks on clinics are increasing,” says Bongertz, IT expert at G Data Advanced Analytics.
The procedure for Bongertz is the same after each of these emergency calls: He gets into his car and rushes to the affected clinic as quickly as possible. “We normally fend off hacker attacks on companies remotely from our office. But with such complex IT infrastructures as in hospitals, the processes on site can be better coordinated,” says Bongertz.
But there is another reason why he wants to be on site as quickly as possible in the event of such attacks: “Attacks like this are not just about data or money. In the worst case, it can be a matter of life or death.”
also read
A few days ago, Holger Münch, President of the Federal Criminal Police Office (BKA), warned of increasing cyber attacks on medical practices and universities. Overall, the BKA sees the healthcare system as “a popular target for cyber actors for a long time”. The virtual attacks would include hospitals, health insurance companies, social services and IT service providers for corresponding facilities.
also read
By monitoring hacker activities on the Darknet, i.e. the hidden part of the Internet that can only be accessed using a special browser, the BKA was able to identify a significant increase in global attacks on medical facilities.
Using the service provider eCrime.ch, the BKA counted a total of 173 victims from the healthcare sector worldwide in 2022. In the first half of 2023, the number of identified victims is already 163. The BKA figures are exclusively available to WELT.
The finds are so-called leak sites on the dark web, where cyber criminals publish the actions of the attacked facilities. These are usually published when companies refuse to pay extortion money.
The actual number of attacks in the healthcare sector is therefore likely to far exceed the number of leak pages that can be viewed. The number of cases known to the BKA relating to the healthcare system in Germany is in the high single-digit to low double-digit range for 2022 and the first half of 2023.
Hackers also accept disasters
The BKA sees the reason for the increase in attacks in the medical sector in the high relevance of the industry for the care of society. For example, financially motivated cyber actors can assume that victims of these facilities are “particularly willing to pay” in order to avoid restrictions in the provision of care.
At the same time, the BKA emphasizes that in many cases of attacks there would not be any serious effects, but only “restrictions in IT management systems”.
Still, there are instances where cyberattacks can spread to medical facilities to catastrophe. This became apparent around 2020, when computer criminals attacked the university clinic in Essen.
also read
attacks on infrastructure
After the emergency room had to close due to the attack and ambulances had to be referred to other clinics, one patient is said to have died because of the delay.
At the time, the attack on the Düsseldorf clinic was widely reported in the press. But even away from the public eye, larger and smaller hospitals are regularly the focus of hackers – often with drastic consequences for the clinics and medical care. The financially tense situation of many clinics further exacerbates the risk.
Florian Oelmaier, IT expert at the Munich management consultancy Corporate Trust, has already been called out twice to hospitals. Once it hit a private clinic in Bavaria, once a municipal hospital in Hesse.
More on hospital reform
Apparently, the perpetrators didn’t have too much trouble penetrating the networks of the houses. “We are observing that the financial bottlenecks in many clinics are obviously having consequences for IT security. The IT infrastructure, especially in smaller clinics, is often piecemeal and often has gaps,” says Oelmaier.
The IT specialist experienced the consequences of the attacks at first hand during his assignments. Whole departments had to be shut down in the two clinics. “Procedures in hospitals are largely digitized. If the computer suddenly stops working, the nurse no longer knows which patient is getting which pills, and the doctors no longer have any findings,” says Oelmaier.
Smaller hospitals have an advantage
IT expert Bongertz has had similar experiences. The larger the clinic is and the more digitized the processes are, the greater the problems.
“You have to assume that if a cyber attack on a clinic is successful, the staff will have to resort to pen and paper. In large clinics, however, almost everything is digitized, even the delivery of food to patients. In one fell swoop, the entire operation is paralyzed,” says Bongertz. Smaller hospitals, in which doctors and nurses are traditionally closer to the patients, are therefore at an advantage in the event of attacks.
also read
attacks on infrastructure
According to Oelmaier, financial interests are behind the attacks. “The perpetrators usually send phishing e-mails indiscriminately and then wait to see which companies fall for them and open the malicious attachments,” says Oelmaier. The perpetrators would then use the stolen access data to penetrate the networks, extract data and encrypt the systems.
According to Oelmaier, what follows is classic blackmail. “The perpetrators are demanding money to make the IT system accessible again. In order to emphasize their claim, they also threaten to publish the captured data,” says the IT expert.
This form of blackmail would have particular potential in private clinics. “Medical data, especially from prominent patients, is very sensitive. That’s why private clinics in particular are often tempted to give in to blackmail and pay,” says Oelmaier.
also read
Head of the Asklepios clinic chain
But more and more doctors in private practice in Germany are also experiencing attacks from the Internet. Christian Schülke, owner of an IT security company in Langen, Hesse, sees medical practices as particularly at risk.
“Hackers often do not attack the practices directly, but the manufacturers of the doctors’ software that the doctors work with,” says Schülke. The perpetrators could theoretically penetrate a large number of medical practices with a successful hack.
Medical data is of great value
Schülke also sees another reason why attacks on medical infrastructure are increasing. “Personal health data is very useful for cybercriminals. After the blackmail, they can possibly sell them on to third parties,” says Schülke.
The Federal Office for Information Security (BSI) also confirms this assessment. “On the Darknet, captured medical data, especially complete patient files, have a comparatively high value,” says the BSI. In addition to blackmail attempts against medical practices or other medical facilities, there were also “sporadic” blackmail attempts against individuals.
also read
But healthcare facilities can also be lucky in misfortune. Apparently, some cyber attackers let go of their victims when they realize that they are dealing with vital facilities such as hospitals. “These are the last remnants of a hacker ethos that at least some cybercriminals adhere to,” says expert Oelmaier.
IT specialist Bongertz can confirm this. He reports that in two known cases, the attackers let go of their victims when they realized they were hospitals. In the cases to which he was called, however, the perpetrators simply did not care that their attack could claim human lives.
You can listen to our WELT podcasts here
In order to display embedded content, your revocable consent to the transmission and processing of personal data is required, since the providers of the embedded content as third-party providers require this consent [In diesem Zusammenhang können auch Nutzungsprofile (u.a. auf Basis von Cookie-IDs) gebildet und angereichert werden, auch außerhalb des EWR]. By setting the switch to “on”, you agree to this (which can be revoked at any time). This also includes your consent to the transfer of certain personal data to third countries, including the USA, in accordance with Art. 49 (1) (a) GDPR. You can find more information about this. You can withdraw your consent at any time via the switch and via privacy at the bottom of the page.
“Everything on shares” is the daily stock exchange shot from the WELT business editorial team. Every morning from 5 a.m. with the financial journalists from WELT. For stock market experts and beginners. Subscribe to the podcast at Spotify, Apple Podcast, Amazon Music and Deezer. Or directly via RSS feed.