Cyber attacks in healthcare up 51 per cent, study finds
Web application attacks on healthcare organisations spiked by 51 per cent following global roll outs of the COVID-19 vaccine in December, new research has found. Facilities operating in the UK, US, Brazil and Canada were the top targets.
Research by IT security company Imperva Research Labs shows that the healthcare industry is experiencing a 10 per cent increase each year in cyber attacks each year, highlighting the growing risk for the healthcare sector, particularly during the ongoing pandemic.
Web application attacks may not be as commonly known as ransomware attacks, but they are just as malicious. Types of web application attacks include:
Cross-site scripting (XSS). This can lead to patient accounts being compromised, and pages modified for patients to give out personal information. These attacks grew by 43 per cent in December.
SQL injections (SQLi). These put patient data at risk, and in the most serious cases can give the attacker admin rights over a database. SQLi attacks increased by 44 per cent in December.
Protocol manipulation, or ‘HTTP request smuggling’. This lets hackers interfere with how a website processes sequences of HTTP requests, allowing an attacker to bypass security controls, gain unauthorised access to sensitive data, and directly compromise other application users. Protocol manipulation attacks are rising fastest - by 76 per cent in December.
Remote Code Execution/Remote File Inclusion (RCE/RFI). These target vulnerabilities in web applications so the attacker can upload malware. If successful, this can result in information theft, compromised servers and a takeover of the site.
"While ransomware attacks commonly land healthcare organisations in the news, it’s only the vulnerable application front end to all healthcare data that experiences the variety and volume of daily attacks noted above.
Ray adds that while the volume of attacks increased in 2020, the number of breaches decreased. "As someone who has worked in cybersecurity for more than 20 years, this makes no sense. My hypothesis is that many organisations likely don’t know the extent or impact of these attacks yet. The reason being: for most of the year, healthcare was focused on trying to enable remote work while managing the frontline logistics of a global pandemic. Less time was spent on threat research, incident response and incident analysis."
He predicts more breaches in 2021. "In the first three days of 2021, Imperva researchers saw a dramatic 43 per cent increase in data leakage, the unauthorised transmission of data from within an organization to an external destination or recipient, which is often the result of a breach.
To defend themselves against these threats, healthcare providers must protect their data and look at other solutions. "With teams under-resourced, managing a growing stack of point solutions to address each unique risk is unrealistic. Instead, find a partner that can offer an integrated platform that provides protection against the leading attacks and optimizes web performance, helping the organization to operate more efficiently and securely" Ray says.
"Don’t forget regulatory compliance. Most privacy and data security regulations today require healthcare providers and payers to demonstrate access controls and monitoring for all access to sensitive patient healthcare information."
Skin Analytics wins NHSX award for AI skin cancer tool
An artificial intelligence-driven tool that identifies skin cancers has received an award from NHSX, the NHS England and Department of Health and Social Care's initiative to bring technology into the UK's national health system.
NHSX has granted the Artificial Intelligence in Health and Care Award to DERM, an AI solution that can identify 11 types of skin lesion.
Developed by Skin Analytics, DERM analyses images of skin lesions using algorithms. Within primary care, Skin Analytics will be used as an additional tool to help doctors with their decision making.
In secondary care, it enables AI telehealth hubs to support dermatologists with triage, directing patients to the right next step. This will help speed up diagnosis, and patients with benign skin lesions can be identified earlier, redirecting them away from dermatology departments that are at full capacity due to the COVID-19 backlog.
Cancer Research has called the impact of the pandemic on cancer services "devastating", with a 42% drop in the number of people starting cancer treatment after screening.
DERM is already in use at University Hospitals Birmingham and Mid and South Essex Health & Care Partnership, where it has led to a significant reduction in unnecessary referrals to hospital.
Now NHSX have granted it the Phase 4 AI in Health and Care Award, making DERM available to clinicians across the country. Overall this award makes £140 million available over four years to accelerate the use of artificial intelligence technologies which meet the aims of the NHS Long Term Plan.
Dr Lucy Thomas, Consultant Dermatologist at Chelsea & Westminster Hospital, said: “Skin Analytics’ receipt of this award is great news for the NHS and dermatology departments. It will allow us to gather real-world data to demonstrate the benefits of AI on patient pathways and workforce challenges.
"Like many services, dermatology has severe backlogs due to the COVID-19 pandemic. This award couldn't have come at a better time to aid recovery and give us more time with the patients most in need of our help.”