The European Union Agency for Cybersecurity (ENISA) has released its first cyber threat landscape for the health sector. The analysis is based on a total of 215 publicly reported incidents in the EU and neighbouring countries. It identifies prime threats, actors, impacts and trends based on the analysis of cyberattacks targeting health organisations over a period of more than 2 years.
ENISA's cyber threat landscape for the health sector reveals:
Healthcare providers accounted for 53% of incidents, with hospitals being the primary target.
Ransomware attacks were prominent (54%), primarily aimed at stealing or leaking patient data.
The COVID-19 pandemic made the healthcare sector a prime target, highlighting the need for robust cybersecurity practices.
Vulnerabilities in healthcare systems and supply chains caused disruptions (7%).
Geopolitical developments led to DDoS attacks (9%), but with relatively low impact.
Incidents resulted in data breaches (43%), disrupted services (22%), and incurred significant financial losses.
Patient safety concerns arise due to potential delays in triage and treatment caused by cyber incidents.
