The cyber security company with a focus on training, KnowBe4, is now publishing a new report which maps the threats to which the European health sector is exposed – shortly after the latest major attack against Danish hospitals.
KnowBe4, the provider of the world’s largest platform for security awareness training and simulated phishing attacks, has released its international health report. The report takes a closer look at the cyber security crisis that the healthcare sector, particularly hospital groups, is currently experiencing around the world.
The European healthcare sector is under attack, with 53 percent of cyber attacks on the continent between January 2021 and March 2023 targeting healthcare organisations. Ransomware was cited as the primary threat, and the majority of attacks were combined with data breaches or data theft. Paradoxically, a whopping 27 percent of healthcare organizations lack a dedicated ransomware defense program, and only 40 percent of original equipment vendors offer security awareness training to non-IT staff, leaving them vulnerable to attack.
Hospitals have become increasingly attractive targets for ransomware attacks due to their extensive patient databases, sensitive information and the interconnectedness of their systems and equipment. Furthermore, poor security measures have left hospitals vulnerable to cyber threats. In an attack, cybercriminals can potentially take control of entire hospital systems and access not only patients’ health information, but also their financial and insurance data.
Hospitals are severely affected by cyber-attacks, which can lead to a reduction in patient care, loss of access to electronic systems and a reliance on incomplete paper records. This can also result in the cancellation of surgeries, tests, appointments and in some cases even loss of life.
The report includes, among other things:
- In the first three quarters of 2023, the global healthcare sector saw a whopping 1,613 cyberattacks per week, nearly four times the global average, and a significant increase from the same period the previous year.
- The healthcare sector has seen a dramatic increase in the cost of cyberattacks over the past three years, with the average cost of a breach reaching nearly $11 million, more than three times the global average. This makes the healthcare sector the most expensive sector for cyber attacks.
- Ransomware attacks have been the most prevalent type of cyber attack on healthcare organizations, accounting for over 70% of successful attacks in the past two years.
- The majority of cyberattacks (between 79 percent and 91 percent), across sectors, begin with phishing or social engineering tactics that allow cybercriminals to gain access to accounts or servers.
- According to KnowBe4’s 2024 Phishing by Industry Benchmarking Report, healthcare and pharmaceutical organizations are among the most vulnerable to phishing attacks, with employees at large organizations in the sector having a 51.4 percent likelihood of falling for a phishing email. This means that cybercriminals have a better than 50/50 chance of succeeding in phishing an employee in the sector.
“The healthcare sector remains a prime target for cybercriminals looking to exploit the life-or-death situations hospitals face,” said Stu Sjouwerman, CEO of KnowBe4. “With patient data and critical systems held hostage, many hospitals feel they have no choice but to pay large ransoms. This vicious cycle can be broken by prioritizing comprehensive security awareness training to empower employees and create a positive security culture as a strong defense against phishing and social engineering attacks.”
The report examines the state of healthcare cybersecurity in North America, Europe, the UK, Asia-Pacific, Africa and Latin America. It also highlights some of the most prevalent global ransomware attacks that occurred between December 2023 and May 2024, their aftermath, and what healthcare organizations can do to protect themselves from cyberattacks.
Source: it-kanalen.dk