As of: 28.06.2021 8:08 a.m.
In times of Corona, cyber criminals focus particularly on critical infrastructure in order to cause as much damage as possible. In the meantime, hospitals are increasingly becoming the target of hacker attacks.
By Thomas Spinnler,
tagesschau.de
In September 2020, the Düsseldorf University Clinic was no longer able to provide emergency care due to a hacker attack. The urological clinic in Planegg was also the target of a cyberattack at the beginning of this year, and the Protestant clinic in Lippstadt was attacked in March. The list of attacks is getting longer and longer.
The general threat situation for hospitals has worsened in terms of cybersecurity in recent years, explains Markus Holzbrecher-Morys, managing director for “IT, data exchange and eHealth” at the German Hospital Association (DKG) tagesschau.de.
The quality and number of cyber attacks has increased significantly in recent years. This affects the hospitals as well as other areas of critical infrastructures in Germany, said Holzbrecher-Morys.
Digitization makes you vulnerable
The number of cyber attacks is not only increasing in Germany. The cyber security company Emsisoft, for example, found that more than 100 government agencies were victims of blackmail attacks in the United States last year. In addition, 500 hospitals and health centers were attacked. In addition, there would be around 1,680 schools and universities and hundreds of companies.
The global financial damage caused by cyber attacks is enormous. McAfee, a US manufacturer of security software, put it at $ 1,000 billion in a study carried out together with the Center for Strategic and International Studies (CSIS). That is almost twice as much as in 2018.
“The surge in digitization caused by the pandemic has created new opportunities for attacks. New cyber damage scenarios are constantly developing, ”says Catharina Richter, global head of the Allianz Cyber Center of Competence at AGCS.
Criminals take advantage of emergencies
Overall, the growing threat is clearly reflected in the crime statistics for 2020 of the Federal Criminal Police Office (BKA). The BKA registered around 108,000 cyber crimes last year. This corresponds to an increase of 7.9 percent compared to 2019. In 2016 it was around 83,000. The clearance rate in 2020 was around a third.
However, the attacks on medical infrastructure and clinics in Corona times are particularly fatal. Behind this is a calculation: “Cyber criminals adapt quickly to social emergencies and skillfully exploit them for their own purposes,” says the BKA’s federal situation report. They therefore attacked institutions and companies that were of high social importance.
Concern for patient safety
This means that clinics and vaccine manufacturers have become the focus of criminal interest. Since the third quarter of 2020, the BKA has identified increased attacks on companies and public institutions that are relevant to the fight against the corona pandemic.
According to Holzbrecher-Morys, the industry-specific risk situation for hospitals consists of the possible effects on patient safety and treatment effectiveness. Who would want to see their medical files on the Internet?
Hospitals are sensitized
“Hospitals have been made aware of the issue, and legislators have also been active here for several years to increase IT security in hospitals,” says Holzbrecher-Morys. With the increasing and socially and legally required digitization in the health care system, the requirements for the protection of the systems and processes used have increased, according to the expert.
However, not all clinics may be adequately prepared for this. The Berlin consulting company Alpha Strike Labs examined this together with the Austrian company Limes Security and the University of the Federal Armed Forces in Munich for a study.
The result is worrying: The experts discovered weak points in 36.4 percent of 1555 German hospitals examined. More than 900 of the vulnerabilities discovered in 1931 were critical, says Johannes Klick, managing director of Alpha Strike Labs and one of the authors of the study.
IT security costs money
Apparently there is a cost problem, as Thomas Friedl, head of the medical informatics course in the health department at the Technical University of Central Hesse in Gießen, told the “Süddeutsche Zeitung”: “The clinics would have to invest money in staff and software”.
But their budget is capped by the so-called case flat rates. If a company spends more money on data security, it can pass it on to the product. “That doesn’t work with the hospitals,” said Friedl. Politicians should therefore make money available, for example from the surpluses of the health insurance funds, he demands.