Ransomware attacks are the most disruptive and destructive type of cyber incidents threatening healthcare, with clear impacts on the systemic functioning of hospitals in service delivery and surgeries. However, ransomware is not the only threat facing healthcare services now.

This is the warning from Veronica Schmitt, co-founder of the DFIRLABS Digital Forensics and Incident Response practice, Assistant Professor at Noroff University in Norway, Security researcher at Medtronic in the US, and professional member of the Institute of Information Technology Professionals South Africa (IITPSA).

Schmitt highlights that it is estimated that cyber-attacks on hospitals have increased by 51% worldwide. She says: “This shows that healthcare as a sector remains a rich target for cyber criminal groups. Considering the increase in these attacks, 36% of the hospitals that suffered attacks noted that there was an impact on surgeries and patient care.”

Ransomware attacks on hospitals have increased worldwide, with the healthcare sector among those most often targeted by cyber criminals. However, cyber-attacks are not the only threat facing hospitals and their patients: the risk of power interruptions, outages and complete grid collapse specifically in South Africa could disrupt service delivery to patients, increasing the threats to patient safety. 

“If one considers the impact that Covid-19 had on service delivery worldwide and in South Africa the hospitals are still recovering from this. Specifically in the NHS the downgrade of services has delayed treatments for patients by months if not years. This is a virus we should have been prepared for. The question is “How prepared are we for a potential grid collapse?” she says.

Schmitt notes that digital technologies have revolutionised the delivery of patient care and treatment but says the growing risk of outages and cyber-attacks make incident response and disaster recovery crucial. “Digital technology is a double-edged sword – on the one hand, it saves lives. On the other, healthcare professionals may become so dependent on it that they cannot function without it when there is disruption to these systems,” she says.

“IT teams and cyber security teams may be well versed on their incident response and disaster recovery plans, but the doctors and nurses on the ground need to be equally well prepared. You’ll often find that the incident response and disaster recovery plan is in a folder at the nurses’ station – nobody has read it and when in the midst no one can start learning what to do when a disaster strikes. The staff dealing with patients must be prepared and have practised what to do if systems go down. Cyber resilience must be an enterprise-wide effort – particularly in the healthcare sector,” she says.

Schmitt cites examples from around the world where systemic outages such as power and cyber attacks resulted in surgeries and patient care being postponed. In an instance in Germany where a ransomware attack took place the hospital chose to divert patients to other healthcare facilities. "This begs the question: are we too reliant on technology? Knowing what to do, and being capable of using old-school manual equipment, are important,” she says. One example of preparedness is a hospital in the US where nurses write basic patient information, allergy information and their most recent medication on whiteboards, so that the information remains readily available even if a critical system goes down. This ensures that the most basic of care can be given to patients whilst alternate plans are made.

Schmitt adds that a strong cyber security posture and immutable copies of backups remain crucial. She recommends close collaboration between cyber security, risk and operational teams to identify the minimum levels of care the hospital must be able to achieve during an outage, and to prioritise departments and systems for disaster recovery. “One should consider patient safety not just the responsibility of one but the responsibility of many. This is true whether dealing with outages caused by cyber attacks or power outages. You cannot be over prepared in this instance” she says.