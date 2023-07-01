According to the Clusit report in 2022, the sector that saw a strong growth in cyberattacks was that of healthcare. Global trend also confirmed in Q1 2023 with +17% vs 12% in 2022. Italy is no exception, where cyberattacks in the last 4 years have tripled. The data emerge from the “Healthcare” focus of the Clusit report for the first quarter of 2023 presented during the Healthcare Security Summit. The focus is promoted with the four national associations Aiic, Aisis, Anra, Aused and in partnership with Microsoft. The survey analyzed the state of the art of cybersecurity in the healthcare and pharmaceutical sectors.

The important thing is to monetize

From the data of the Clusit Report – and in particular from the focus Healthcare 2023 – it emerges that the objective of cybercrime in the healthcare sector is monetisation. The attacks in the first 3 months of the year were in fact almost all attributable to “cybercrime”, in line with last year’s trend. Except for a small percentage (3%) referable to episodes of “hacktivism”. Health data are in fact precious for many subjects and feed a particularly thriving black market, traceable on the dark web. Again, illustrating the data from the Healthcare focus of the Clusit Report, the researchers highlighted that in the first quarter of 2023 more than a third of the attacks recorded throughout the last year were detected.

Lack of preparation for new challenges

Alessandro Vallega of the Scientific Committee of Clusit

This trend expresses the difficulty in protecting information systems by a sector forced, like many others, to rapidly digitise. Sector under particular pressure from the pandemic years, but also undoubtedly arrived less prepared than others for this challenge.

Growing cyberattacks in Italian healthcare, says the Clusit report

The impact severity of healthcare incidents was overall lower than average for the first three months of the year, with 71% of incidents classified as “severe” or “critical” versus an average of 80% . However, as this is the most affected sector, the global impact is still extremely high. And the social consequences of the interruption of services in this area, or the dissemination of information on the state of health of citizens are particularly relevant.

A third are malware attacks

Italian health facilities in the first quarter were mostly affected through unknown techniques. About a third of cases from malware. The use of vulnerabilities as an entry point to breach systems accounted for 16% of cases over the period. Also noteworthy, according to Clusit researchers, are 9% of attacks based on identity theft and account violations, much higher than the average.

Focus on education and awareness

Today, healthcare organizations use technology, networks and digital tools for a large part of their business. For guarantee the security of the entire system requires that everyone be aware of their use, know the IT risks and countermeasures. Otherwise, criminals are allowed to cause great damage to people and organizations, interrupting care services, blackmailing each other and selling the stolen data.

Alessandro Vallega of the Scientific Committee of Clusit

These are threats for which healthcare organizations should certainly be better equipped, even with constant checks on system vulnerabilities. Because the consequences of these attacks are not only economic and organizational: citizens and society are at risk.

Invest more

Unfortunately, the Clusit researchers again highlighted, contrary to what is often believed, it is not only users with intermediate positions within healthcare and pharmaceutical companies who need training. It frequently happens that even the top management of organizations with specific and high-level skills in economics, legal and health issues, are not aware of cybersecurity. Often these profiles are reserved access to privileged accounts, with authorizations to carry out banking operations and provide administrative inputs: for this reason they are very interesting targets for cyber criminals.

He Pnrr

The Pnrr envisages funding of approximately 2.5 billion for the enhancement of digital tools, infrastructure and the health record. However, investments for the specific training of healthcare personnel are not included. It is therefore essential that individual organizations invest in staff awareness and training programs and that they adopt appropriate security policies and procedures to protect health data and prevent cyber attacks.

Alarm in the health sector: growing cyberattacks

Alessandro Vallega of the Scientific Committee of Clusit

Even in the health sector, the best prevention is training. This must lead to awareness in the use of digital technologies, to operate safely and not compromise any countermeasures already in place.

Share this: Twitter

Facebook

