A growing cybersecurity concern in 2021 is the threat of nation states and cybercriminals attacking the healthcare system.
COVID-19 made the health sector a prime target in 2020, but the risk will likely continue and evolve as the vaccination rolls out. According to IBM, state-hackers likely targeted the "cold chain" used to keep vaccinations cold during transport.
The vaccination global supply chain is complex. Although large pharmaceutical companies have been thinking about preventing cyber-espionage for the past decade, many of the smaller organizations involved in the supply chain have not need strong cybersecurity protections in the past.
Intelligence and security officials have suggested that "vaccine nationalism" could lead countries to try to undermine each other's research efforts or steal intellectual property for financial gains. The U.K. has accused Russian intelligence of targeting their vaccine research, while the U.S. leveled similar allegations against Chinese hackers.
Nation-state hackers may combine cyber espionage with human espionage tactics—for example, deliberately disseminating misinformation about vaccinations online or questioning a country's testing or safety record.
However, the most serious threat, according to cybersecurity experts, comes from ransomware spread by cybercriminals. Security firm Positive Technologies recently released findings showing that ransomware made up half of all cyberattacks on the healthcare sector from July 2020 to September 2020. On one day in October, six hospitals in the U.S. received ransom demands of one million dollars or more, which forced the cancellation of some cancer treatments.
One doctor warns that cybercriminals understand "clinical urgency," meaning they know they are more likely to get a ransom payment if they disrupt patient care. As patient care has moved online, there is concern cybersecurity has not kept pace and the fact that more devices are connected could lead to a "cascade effect." The doctor adds that the biggest risk is not cybercriminals locking healthcare organizations out of their data, but rather tampering with the data. Gordon Corera "Health to be on cyber-security's front line in 2021" bbc.com (Dec. 28, 2020).