Craig Pepper
June 7, 2024
4 Min Read

Cyber Attacks on Healthcare: A Growing Threat

In recent years, the healthcare sector has faced a surge in cyber attacks, highlighting vulnerabilities in critical systems and the need for robust cybersecurity measures. This blog post explores notable cyber incidents impacting the NHS and other healthcare organisations.

Recent Cyber Attacks on the NHS

The WannaCry Attack: A Turning Point

On May 12, 2017, the NHS experienced its most significant cyber attack when WannaCry ransomware infiltrated its systems. Exploiting vulnerabilities in outdated Windows XP, WannaCry disrupted 47 NHS trusts in England and 13 in Scotland. Hospitals reverted to pen and paper, surgeries were delayed, and critical systems were compromised. The attack underscored the urgent need for improved cybersecurity in healthcare.

Advanced Ransomware Attack

In August 2023, Advanced, an IT provider for the NHS, was hit by ransomware, impacting services like patient check-ins and NHS 111. The attack significantly disrupted patient care, with doctors unable to access records and a backlog of handwritten notes piling up. Recovery efforts continue, highlighting the ongoing risk of ransomware.

Data Threats in Scotland

NHS Dumfries and Galloway faced a ransomware attack, with hackers threatening to release three terabytes of stolen data. Sensitive patient and staff information was compromised, leading to a coordinated response involving multiple agencies to manage the fallout and protect patient privacy.

National Records of Scotland Breach

This attack also affected the National Records of Scotland, compromising sensitive data temporarily held on the network. Less than 50 individuals were impacted, prompting immediate notification and mitigation efforts.

London Hospitals Critical Incident

A ransomware attack on Synnovis disrupted major London hospitals, including King's College Hospital and Guy's and St Thomas'. The attack affected operations, led to cancelled procedures, and impacted emergency care, demonstrating the widespread effects of cyber incidents on healthcare services.

Notable Global Healthcare Cyber Attacks in 2024

WebTPA Data Breach

In May 2024, WebTPA Employer Services experienced a data breach affecting over 2.4 million individuals. This incident exposed personal health information, highlighting the vulnerabilities of third-party service providers.

DocGo Cyber Attack

DocGo, a provider of mobile medical services, reported a data breach in May 2024, impacting patient data across the U.S. and the UK.

Change Healthcare Incident

A ransomware attack on Change Healthcare disrupted claims processing and payments, affecting numerous healthcare services and emphasising the need for strong cybersecurity frameworks.

Kaiser Foundation Health Plan Breach

In April 2024, Kaiser reported a breach affecting 13.4 million records, marking one of the largest healthcare data breaches of the year.

Group Health Cooperative of South Central Wisconsin

A January 2024 attack affected over 533,000 individuals, demonstrating ongoing threats to regional health organisations.

Los Angeles County Department of Mental Health

An MFA bypass in April 2024 led to a data breach at the Los Angeles County Department of Mental Health, affecting numerous patient records.

Singing River Health System Ransomware Attack

In August 2023, a ransomware attack on Singing River Health System in Mississippi compromised the data of approximately 253,000 individuals, further showcasing the persistent threat of ransomware.

How Periculo Can Help

Cyber Essentials and Cyber Essentials Plus

Periculo helps healthcare organisations and medical device organisations to achieve Cyber Essentials and Cyber Essentials Plus certifications, which provide a robust framework to protect against a wide range of cyber threats. These certifications ensure that basic security measures are in place, significantly reducing the risk of cyber attacks.

Vulnerability Scanning and Penetration Testing

Regular vulnerability scanning and penetration testing are crucial to identifying and mitigating security weaknesses. Periculo offers comprehensive scanning services to detect vulnerabilities before attackers can exploit them, and penetration testing to simulate real-world attacks, helping organisations strengthen their defences.

NHS Data Security and Protection Toolkit (DSPT)

Compliance with the NHS DSPT is essential for healthcare organisations handling patient data. Periculo assists in meeting these stringent requirements, ensuring that organisations adhere to best practices for data security and protection, thereby safeguarding sensitive patient information.

These incidents highlight the growing threat of cyber attacks on healthcare organisations. As cybercriminals become more sophisticated, it is crucial for healthcare providers to invest in robust cybersecurity measures, ensuring the protection of sensitive patient data and the continuity of essential services. The NHS and global healthcare sector must prioritise cybersecurity to safeguard against future attacks.

Read similar blogs