Critical Infrastructure: Healthcare in the crosshairs of cyber attackers

  • Writer: ESET Expert
  • Jun 13
  • 5 min read

Amid the wide range of attacks on critical infrastructure, securing healthcare remains central to the trust we place in government and the IT sector. Let’s take a look at where things stand.


News of cyberattacks on hospitals is deeply unsettling, not just for the disruption of vital services but for the broader impact on patient safety and trust. Each attack highlights the vulnerability of our most critical institutions, where lives depend on uninterrupted care.


As an answer to this, the publication of the European Action Plan to support EU member states in countering the scourge of cyberattacks against hospitals and healthcare providers is a monumental leap forward. But will it be enough? Let’s dive into the status of the healthcare sector and the possible measures to secure it.


Rising cyber threats in healthcare

In recent years, cyberattacks on healthcare providers have surged, endangering patient safety and data privacy. For example, a ransomware attack on Synnovis in June 2024 disrupted over 3,000 appointments in England, with cybercriminals leaking half a terabyte of confidential patient information. Similarly, in February 2024, over 100 Romanian healthcare providers, including 25 hospitals, were hit by ransomware, forcing 79 facilities offline and crippling internet-connected devices like MRI scanners.


Also, the 2020 cyberattack on Düsseldorf University Hospital is a stark reminder of the potential consequences. Even though the attackers mistakenly targeted the hospital, the attack delayed critical treatment, tragically contributing to a patient’s death. This incident underscores the severe, unintended consequences that cyberattacks can have on healthcare systems.


A prevention-first approach for healthcare

Healthcare providers can be easy prey for cybercriminals who take advantage of the services provided to patients to disrupt vital state infrastructure. On top of that, hospitals and other healthcare facilities tend to operate a wide range of systems, including outdated legacy platforms, and are busy environments, where staff is focused on their essential duties, sometimes at the expense of basic cyber hygiene practices.


Furthermore, healthcare services collect personal and financial information — from credit cards and billing information to Social Security numbers — which can be easily monetized if stolen by hackers. They’re also subject to ransomware or DDoS attacks that deny access to networks or services in order to demand payment.


This is why ESET focuses on a prevention-first approach, protecting critical infrastructure even before a possible attack, with solutions that mitigate risks and minimize the time security teams spend on incident response and remediation.


The ESET medicine to healthcare’s woes

The ESET PROTECT Platform’s AI-driven, multilayered endpoint security filters out advanced threats like ransomware or fileless malware early, using ESET LiveSense layers. Each layer targets specific threat types and attack vectors, blocking them based on known code, behavior, reputation, or deep analysis. This robust approach reduces the likelihood of incidents escalating.


  • ESET LiveGuard Advanced adds another layer of protection by proactively defending against new, unknown threats through cloud-based analysis for deeper security insights and fast response.


  • ESET Inspect offers enhanced visibility into emerging threats and risky behaviors, powered by an AI-native engine.


  • ESET Endpoint Security is a complete security solution combining maximum protection and a minimal system footprint. The advanced technologies, based on artificial intelligence, are capable of proactively eliminating infiltration by viruses, spyware, Trojan horses, worms, adware, rootkits, and other internet-borne attacks.


  • ESET’s managed services, such as ESET PROTECT MDR, provide a rapid 20-minute response 24/7, preventing threats from escalating to ensure business continuity.


  • ESET Threat Intelligence provides global threat knowledge gathered by our array of sensors, verified and analyzed by our researchers, helping security analysts make crucial decisions faster.


Additionally, complementary modules like ESET Full Disk Encryption, ESET Vulnerability and Patch Management, and ESET Secure Authentication provide comprehensive protection, covering all potential attack vectors, and guaranteeing compliance with various regulations and cyber insurance requirements.


A cornerstone of European healthcare

As a cornerstone of European society, healthcare organizations are classified as Essential Entities under the upcoming NIS2 Directive. This new regulation underscores the critical importance of robust cybersecurity measures in the healthcare sector. ESET tools provide a reliable and comprehensive approach to help these organizations meet the stringent requirements of the NIS2 Directive, ensuring they remain secure and compliant in an increasingly complex threat landscape.


ESET solutions are specifically designed to address the unique security challenges faced by Essential Entities in the healthcare CNI sector. We ensure that our products avoid the pitfalls of overly aggressive threat detection, providing robust protection without compromising the normal functionality of medical devices or critical systems.


Of particular interest is the establishment of a European Cybersecurity Support Centre for Hospitals and Healthcare Providers under ENISA as part of the European Action Plan, along with an EU-wide early warning service aimed at providing near-real-time alerts for rapid threat detection and a rapid incident response capability.


The EU Action Plan also introduces measures such as a Cybersecurity Voucher Programme for smaller providers, secure cloud migration support, and enhanced supply chain security under the Cyber Resilience Act. It also provides for active efforts to further enhance collaboration with Europol, particularly through the NoMoreRansom Project, which ESET is part of.


Ensuring continuity

Hospitals need to operate 24/7, 365 days a year, and ESET understands the huge responsibility that comes with defending critical infrastructure from current and emerging threats. We answer it with regular, much-needed updates to our cybersecurity software that respond to the evolving, dynamic threat landscape.


To achieve this, ESET’s Endpoint Product Architecture is modular and adheres to the Principle of Least Privilege, ensuring each component accesses only necessary resources. This minimizes risks from failures or exploits, and the product continues functioning even if specific modules, like those with incorrect signatures, become unavailable.


The ESET Protect Agent acts as a watchdog, monitoring the system and enabling remote fixes. ESET further enhances stability by applying risky updates only after a reboot, preventing major issues. Integrity checks and signature validation ensure updates are trustworthy, and a rollback feature allows users to revert to a stable state if needed. The development process incorporates DevSecOps best practices, robust build procedures, and continuous 24/7 testing to maintain stability, performance, and security across all components.


In addition to automated testing, manual testing plays a crucial role in ensuring product quality. Moreover, we follow the “Shift Left” principle, ensuring that our engineering teams receive updates on their machines before customers do.


30 years of research and award-winning technology

With research at the core of what we do, our telemetry’s global coverage gives ESET a unique perspective on the threat landscape. ESET has uncovered and prevented some of the most sophisticated attacks, such as Industroyer and Industroyer2 found in industrial control systems of vital critical infrastructure; we work closely with law enforcement and international organizations, taking part in NATO’s Locked Shields


For more than 30 years, ESET has ensured the protection of consumers, businesses, and critical entities, for which our products have gained multiple awards and recognitions from independent analysts, demonstrating our unique capabilities in real-world test scenarios. We are proud to protect our healthcare customers and, indeed, all customers who provide essential services to society.
