Cyberattacks on hospitals: the sicker you are, the more valuable your data is

Our health data is worth gold. Cyberattacks against hospitals also target these new jackpots. Data can sell for around 200 euros for a patient record.

We face terrorists who endanger the life of the patientnts” estimated this Monday, December 5, 2022 on Franceinfo Arnaud Robinet, Horizon mayor of the city of Reims and president of the Fédération Hospitalière de France while the André-Mignot hospital of the Versailles hospital center, located in Chesnay-Rocquencourt (Yvelines ), was the victim of a cyberattack a few days ago.

He is not the only one. Everywhere in France, including in the Grand Est, cyberattacks against hospitals are increasing.

Jean-Yves Marion, professor at the University of Lorraine and director of LORIA (Lorraine Computer Research Laboratory) in Nancy, sheds light on the subject and offers some hypotheses on the motivation of hackers.

Can we know who is behind these attacks?

The ransomware and malware community is underground. It’s an ecosystem. It is difficult to accurately attribute an attack. It may be well-identified ransomware. But the attacker is not necessarily in the country of origin of this malware. He can be anywhere.

What are the motivations of hackers?

The first is purely criminal. Moreover, there is a misunderstanding of the attackers. It is not because the hospital budget is important that the hospital has the means to pay a ransom in France. We are not in private hospitals in the United States or in England.

Health data is gold

Jean-Yves Marion, professor at the University of Lorraine and director of LORIA in Nancy

Health data is gold. They have more and more values ​​due to artificial intelligence. Data drives artificial intelligence algorithms. The more data we have, the more results we can expect. These data could make it possible to seek new treatments, to carry out predictive medicine, to improve diagnosis by imaging, to accelerate the marketing of drugs. The stakes are enormous and the financial sums are colossal. The first to find a vaccine or cure for a disease will win the market.

We have seen several attacks that were not aimed at ransomware. The objective was to hack the data

Jean-Yves Marion, professor at the University of Lorraine and director of LORIA in Nancy

If the data contains personal or even confidential information, the attacker can use it to make new, more discreet and targeted attacks. For example, it will be interested in a database with passwords, which is quite common. This attack is formidable, because it is invisible. By appropriating account passwords, the hacker will navigate freely wherever he wants to take what interests him. On the Dark Web, everything sells. We have seen several attacks that were not aimed at ransomware. The objective was to hack the data.

Medical information is worth a lot of money?

A piece of data sells for an average of two hundred euros. If you are in good health, it is worth nothing. On the other hand, if you present several pathologies, the data take on value. This is not the case in France. But in the United States, insurers try to find out what your pathologies are before insuring you.

Dozens of hospitals in France have been hit in recent years.
In the midst of the Covid-19 crisis, 27 hospital cyberattacks were recorded in particular in 2020. Among the most emblematic cases, the Assistance Publique-Hôpitaux de Paris (AP-HP), which manages 39 public hospitals. In February 2021, a file containing the sensitive medical data of nearly 500,000 people in France, which would come from around thirty medical biology laboratories, circulated on the internet. In August 2022, the Corbeil-Essonne hospital (which concerns 700,000 inhabitants in the Paris region) was hit by a cyberattack with a ransom demand of 10 million dollars, then reduced to one or two million dollars, according to the sources.

A spectacular hack of Medibank, one of Australia’s leading private health insurers, which announced in November 2022 that a “sample” of its 9.7 million customer data had been posted on a “dark forum web”, including some HIV carriers or drug addicts.

In May 2021, the Irish public health service, HSE Ireland, was forced to shut down its entire IT system due to a “significant” cyberattack.

A death in Germany

Germany announced in September 2020 the first known death, directly linked to a cyberattack targeting a hospital. The Düsseldorf hospital hack prevented the emergency treatment of a 78-year-old patient, who died after having to be sent to a more distant city. The investigators had evoked the track of a group of Russian hackers wanting to force the hospital to pay a ransom.

The NHS targeted in the UK

The British public health service (NHS), the fifth largest employer in the world with 1.7 million employees, was targeted in May 2017, during a global cyberattack affecting many sectors.

Psychiatric patients in Finland

In Finland, an attack on mental health services caused consternation in October 2020. Thousands of patient records, including those of children, were stolen from a private company that runs 25 psychotherapy centers.

The data market is currently estimated at 400 billion euros in Europe.

We wish to thank the writer of this short article for this remarkable material

Cyberattacks on hospitals: the sicker you are, the more valuable your data is


Check out our social media accounts as well as other pages related to themhttps://www.ai-magazine.com/related-pages/