Top 10: Most Serious Healthcare Cyber Attacks
Top 10: Most Serious Healthcare Cyber Attacks unknown
Healthcare cybersecurity is critical, because breaches can disrupt patient care, expose sensitive information, and cause huge reputational and financial damage.
At the time of writing, the latest serious healthcare security breach was suffered by three major London hospitals, who were hit by a ransomware cyberattack that wreaked havoc across clinical services.
King’s College Hospital, Guy’s and St Thomas’s are among those affected, and the incident has had a major impact on the delivery of services, especially blood transfusions and test results, the hospitals say.
Cyberattackers target healthcare providers for several reasons:
- Medical records contain comprehensive personal data useful for identity theft, insurance fraud, and blackmail
- Health information has a higher black market value than credit card details
- Many healthcare systems have outdated security measures due to budget constraints and legacy technology.
- Healthcare providers are more likely to pay ransoms quickly to restore systems and prevent patient harm.
- The interconnected nature of healthcare networks presents a huge attack surface.
The following are some of the most serious healthcare cyberattacks, in terms of numbers affected and the personal harm caused.
10 PACS System
Country: India
Year: 2019
Researchers discovered millions of patient X-rays and medical images exposed online across India. The breach involved Picture Archiving and Communication Systems (PACS), which hospitals use to store and transmit medical images.
The issue was not a targeted attack but a security misconfiguration, with PACS servers left unsecured and connected directly to the internet. Over 121 million images from more than 16 million scans were accessible without password protection. Exposed data included patient names, birthdates, and examination details.
Country: Australia
Year: 2017
Medicare, Australia's universal health insurance scheme administered by the government, faced a data breach that involved the personal information of approximately 2.9 million Australians being offered for sale on the dark web.
The leaked data included Medicare card numbers, names, and addresses. Unlike typical hacks, this breach resulted from an unauthorised individual accessing the data through a legitimate Medicare access channel, suggesting an insider threat or compromised provider credentials. The breach was discovered when the data was advertised online, prompting a federal police investigation.