Wednesday, 30 April, 2025

Be pro-active as cyber thugs target global healthcare sector

At one time, cyber criminals held off from attacking the world’s healthcare institutions for reasons of ethics, but no longer, says Shayimamba Conco, Cyber Security Expert at Check Point Software Technologies, a global leader in cyber security solutions.

During the first three months of this year, Check Point Research reported that the healthcare and medical industry saw an average of 2 309 weekly attack attempts per organisation. This is an increase of 39% from the same timeframe last year.

Figures from a separate Check Point Threat Intelligence Report over the past six months show that a South African healthcare organisation is attacked – on average – 1 626 times per week.

“International espionage authorities like the FBI and Interpol have warned for years that threat actors view hospitals and healthcare providers as prime extortion targets,” Conco says.

“The critical nature of healthcare makes it a prime target, where every second of downtime or breach can mean a delay in care, or even worse, a loss of life.”

Ransomware and phishing are the most prevalent threats, the former preying on the critical need for timely access to patient data.

According to Conco, data exfiltration and extortion have overtaken encryption-based attacks as the primary ransomware tactics, simplifying operations and maximising payouts.

“The urgency of healthcare services makes providers more likely to pay ransoms to restore access quickly, leading to potential data loss, operational downtime, and significant financial strain,” he said.

Compromised patient data, however, can lead to breaches of privacy and security, with long-term consequences for affected individuals. This can include identity theft and other forms of exploitation.

Beyond the ransom itself, the costs associated with recovery, system upgrades, legal fees, and potential fines can be substantial.

“Perhaps the greatest cost is reputational damage,” says Conco. “Trust is critical in healthcare, and a successful ransomware attack can damage an organisation’s reputation, eroding patient trust and potentially leading to a loss of business.”

Local healthcare at a critical juncture

South Africa’s own healthcare sector stands at a critical juncture, needing rapid digitisation to address escalating costs, boost efficiencies and prepare for the impending roll-out of the proposed National Health Insurance (NHI) scheme.

Healthcare NGOs, too, have been stung by the recent withdrawal of US funding.

“The industry is already a prime target for cyber-attacks, and the USAID withdrawal will further amplify the risks in this sector,” Conco added.

The vulnerability of the sector is illustrated by the cyber attack by the BlackSuit ransomware group on the National Health Laboratory Services (NHLS) in June last year, which disrupted lab result dissemination amid an mpox outbreak.

System sections, including backups, were deleted, forcing manual result communication. Despite the attack, labs continued processing samples, but full system restoration took months.

“Commonly, many healthcare breaches also begin with phishing, unpatched systems, or misconfigured networks – not complex zero-day exploits. Prevention is entirely possible, but not prioritised.”

Broken hygiene, broken systems

Conco points out that at the root of the crisis is a lack of cyber hygiene.

“Healthcare organisations often rely on fragmented, outdated infrastructure – a mix of legacy systems and modern tech not designed to work securely together.”

Most medical devices are not built with security in mind, and many are not actively monitored by IT teams, so the attack surface is growing faster than it can be protected by traditional means.

This dynamic, added Conco, is compounded in developing countries, where resources are more limited. Reduced budgets mean outdated systems, less staff training, and fewer resources to protect sensitive patient data.

As a result, healthcare institutions in lower-income regions become prime targets for cybercriminals, threatening both care delivery and public trust, and restarting the vicious cycle of attack and lack of defence.

When devices that heal can harm

A particularly chilling development is the rise in attacks on connected medical devices – pacemakers, insulin pumps, imaging machines, and more.

According to the 2023 State of Cybersecurity for Medical Devices and Healthcare Systems Report by Health-ISAC, Finite State and Securin, more than 1 000 vulnerabilities were discovered in medical devices in 2023. However, only 15% of manufacturers had vulnerability disclosure programs in place.

“Attackers don’t need to breach a hospital's network to cause chaos. They can now exploit IoMT (Internet of Medical Things) devices that serve as unguarded entry points,” according to Conco. “An example of cyber criminals’ increasing sophistication is how hackers now specifically target medical devices as well, not only networks, servers, personal computers, databases and medical records.”

Ironically, local healthcare’s efforts to improve efficiency and cost savings through digital transformation mean the sector’s attack surface is expanding, with a noticeable increase in attacks on routers, VPN hardware, and other edge devices.

This trend underscores the urgent need for healthcare institutions to allocate resources for their protection.

Prevention the best medicine

Risk and threats are growing for the healthcare industry but so are the solutions, and healthcare providers don’t have to accept such attacks or compromise with cyber criminals.

Check Point suggests five vital strategies to improve cyber resilience:

1. Educate your people: Phishing remains the number one entry point. Train staff continuously, and implement solutions like Check Point Harmony Email & Collaboration, which helped Fast Pace Health win the battle against phishing incidents.
2. Gain full visibility: Unmonitored devices are high-risk devices. Map all assets, including cloud, IoT, and legacy tech, and assign risk scores.
3. Segment and isolate networks: Use Zero Trust segmentation to prevent lateral movement during a breach. Assume compromise – and design defensively.
4. Adopt prevention-first security: Move beyond detection. Employ threat prevention tools powered by AI to block attacks before they execute.
5. Unify and consolidate security: A fragmented approach invites risk. Integrated platforms like Check Point Infinity provide end-to-end protection across users, devices, and data.

“As South Africa moves increasingly towards digital transformation in healthcare, the sector’s reliance on technology will increase, making cybersecurity readiness more critical than ever,” says Conco.

“By adopting proactive measures, leveraging AI technologies, and focusing on education and collaboration, local institutions can strengthen their defences and ensure the safety of sensitive patient data.”

Issued by Novus Group
