You are currently viewing Cyber-attacks in healthcare: the necessity of business continuity/recovery

Cyber-attacks in healthcare: the necessity of business continuity/recovery

The more time passes, the more resilience becomes central to cybersecurity. As we become increasingly aware of the inevitability of cyber-attacks, we are looking more and more not to prevent them, but to limit their impact on the activity of the company and its employees. Resilience includes business resumption and continuity, two key measures that ensure business continuity even in the event of a cyber-attack. In the healthcare sector, this generally takes the form of a downgraded mode procedure (switching from digital information to information on paper). The cyber-attack on London’s hospitals in June demonstrates the need for such a plan.

Context

King’s college Hospital, Guy’s and Saint Thomas’ hospitals are in partnership with Synnovis, which is a company providing laboratory services to the NHS.

It was on June 4 that this company suffered a ransomware attack affecting every one of their information systems, resulting in a complete shutdown of their business.

As a direct consequence of this attack, there were delays in analysis results. GPs were asked to cancel non-urgent appointments for blood tests, while operations were postponed. A situation that could evolve depending on the duration and scope of the cyber-attack, the management of one of the affected establishments has informed its staff.

Several of The Independent’s sources claimed that “thousands of patients” are affected. The attacked hospitals covered six areas of the English capital. As a result of the attack, patients’ blood groups couldn’t be tested as quickly as usual. The NHS had therefore launched an urgent appeal for donations of group 0 negative and 0 positive blood.

NHS England London had declared this to be a regional incident, and in order to limit disruption to these hospitals, pathology centers and emergency centers, had decided to redirect patients requiring long-term care to other hospitals unaffected by the attack to ensure the best possible continuity of care.

A devastating toll

According to NHS England London, five planned caesarean sections had to be rescheduled and 18 organs were diverted for use by other services, while 736 hospital outpatient appointments and 125 community outpatient appointments had to be rescheduled. Blood tests all had to be cancelled.

As blood tests were no longer possible, an appeal was launched by NHS Blood and Transplant for blood donations from people with universal blood groups O positive and O negative.

The Darknet: the data market

And that’s without mentioning the possible extraction of health data by attackers; data which is then resold on the darknet.

This data can even include patients’ bank details, enabling access to their accounts by data buyers. Healthcare data can be sold for very little: the ZATAZ monitoring service reported in 2022 that on April 17 and 18, cyber attackers had stolen patient data including passports, banking information, telephone numbers etc. and then sold them €4 per unit.

Ransomware: a ubiquitous threat, requiring business continuity and recovery

Ransomware, as you may have guessed, will encrypt data on a workstation and will then be able to spread across the local network if no protection measures are put in place (vLANs with communications filtering, for example), potentially affecting and rendering unavailable a company’s entire information system. This is why a Business Continuity Plan (BCP) is becoming increasingly important: it enables businesses to continue despite the unavailability of their IT services. We’re also hearing more and more about the IT recovery and continuity plan (IRCP), which generally focuses on backups.

Cybersecurity, and more specifically business continuity, is crucial for any company. To protect yourself from the consequences of increasingly common and devastating cyber-attacks, you need to ensure business continuity. Don’t be a fool; protect yourself and your business.

 

 

Sources :

Cyber attacks on London’s hospitals affect 800 planned operations (bbc.com)

Qu’est-ce qu’un ransomware ? | IBM

PRA et PCA : définitions et différences en termes d’activité (napsis.fr)

Le Plan de Reprise d’Activité (PRA) : définition et étapes (obat.fr)

hfds-guide-pca-plan-continuite-activite-_sgdsn.pdf (economie.gouv.fr)

Comment faire un plan de reprise d’activité ? Étapes + modèle (appvizer.fr)

A propos de Nicolas DOS SANTOS

Laisser un commentaire

Ce site utilise Akismet pour réduire les indésirables. En savoir plus sur comment les données de vos commentaires sont utilisées.