The war in Ukraine started by Russia turned out to be longer and more brutal than originally thought. In addition to human damage, the invasion reached other levels. The Kremlin is one of the most cybercrime governments in the world, both in terms of the number of cyberattacks and the number of ones it initiates.

The military conflict has led to an exponential increase in the number of such cyber attacks: according to the Exprivia Cybersecurity Observatory, the number of cyber attacks in Spain increased by 77% as of June due to the war. as the health sector.

According to Microsoft, in mid-2022, cyberattacks by Russia against 42 countries allied with Ukraine were recorded a total of 128 organizations. Last week, three Catalan hospitals suffered a cyberattack, which meant a temporary loss of access to user information. This has resulted in a breach of patient data privacy as well as that of Consorci Sanitari Integral (CSI) employees.

Ruth Kusko, Managing Director of ASHO (Hospital Consulting Company), explains that the healthcare sector plays a fundamental role in the well-being of society. “which makes it an object of interest for cybercriminals”. Attackers use ransomware to extort organizations and negotiate terms in a sector containing “very sensitive” data, so “he will try to resolve the incident as soon as possible to avoid more serious consequences, which will facilitate negotiations with the cybercriminal.” .

According to Sophos’ State of Ransomware in Healthcare 2022 report, Such cyberattacks in the healthcare sector have doubled over the past year. In 2020, 34% of healthcare organizations were attacked by ransomware; in 2021, that percentage was almost 66%. Benjamin Lozada, underwriter specializing in cyber risk at Hiscox Spain, notes that hospitals and in general companies operating in the healthcare sector are an attractive target for criminals “due to the large amount of confidential information they have about their clients / patients “. .

Actually, 53% of healthcare and pharmaceutical companies were the victims of at least one cyberattack during 2022, according to data data from the Hiscox 2022 Cyberpreparation Report, slightly higher than the Spanish company average for the same period (51%). Losada emphasizes that this is because they do have valuable information that is attractive to attackers, the availability of their technologies can cost lives, and also because the sector is not prepared in terms of cybersecurity, since only 4% of companies operating in this field are considered cybersecurity experts due to their ability to detect and prevent cyberattacks or minimize their impact should they occur.

53% of healthcare and pharmaceutical companies were the victims of at least one cyberattack during 2022, according to data

The Hiscox expert explains that as a result of the pandemic, the vulnerability of the healthcare sector has been “very high” in all aspects, including cybersecurity. “They had to go through a fast digital transformation process that, given the urgency, didn’t always get it right.exposing gaps through which criminals still make their way, as they just did,” he notes.

The data managed by medical centers is very sensitive and requires security guarantees from organizations. Unfortunately, computer attacks are becoming more frequent, so “it is necessary to invest in better cybersecurity defenses, training cybersecurity personnel in the sector, and improving and updating computer hardware, which in many cases is outdated.” assures the managing director of ASHO.

On the other hand, it is recommended to conduct a vulnerability analysis to test the network infrastructure and choose an insurance policy that specifically covers computer attacks.

Benjamin Lozada agrees on the importance of insurance. “In these cases, a fundamental part of this protocol it is to have the support of the insurance, because it activates the action plan at the exact moment of the incident” this ranges from detecting an attack, measuring its scope and what information was affected, and extending to notifying each of the affected parties, which culminates in the restoration of full normality of the service.

As in all areas of life, prevention is always the best weapon. “something that hospitals are already doing with regards to health, but they should also start doing that when it comes to protecting their cybersecurity.”Losada says. To do this, he assures, it is necessary to invest in training so that employees become better guards, with the necessary ability to detect and notify a cyber attack attempt in time, “and also avoid falling into the traps set by criminals through social engineering methods that trick them into gain access to company systems.