Cyberthreats home in on healthcare firms in APAC

Cybercriminal are now setting their sights on targets that might not have hefty financial reserves but can cause profound harm when compromised, especially healthcare institutions across the Asia-Pacific region, according to Tenable.

Tenable’s most recent Threat Landscape report revealed that healthcare was the top targeted sector by ransomware attacks in 2022, contributing to 35.4% of all breach events analysed.

This was a sharp increase from its previous contribution of 24% of all breach events in the previous year.

The recent wave of cyberattacks on healthcare institutions across Asia Pacific further underscores the urgency. This includes high profile cyber incidents such as the 2023 Covid-19 vaccination portal breach in India which saw the unauthorised disclosure of healthcare and personal data of millions of individuals. 

Another example would be the cyber-attack on Hong Kong’s OT&P Healthcare group earlier this year which could have exposed the personal data and medical history of over 100,000 patients. 

These breaches, amongst others, have potentially led to unauthorized disclosures of both healthcare and personal data on a massive scale. 

Nigel Ng, Tenable’s VP in APAC and Japan, warned that cybercriminals have traditionally been attracted to high-yield targets such as the banking, finance, and pharmaceutical sectors. 

“However, it’s become evident that their attention has been veering towards healthcare information, mainly because they recognise the slower pace at which healthcare providers in our region are adopting preventive cybersecurity measures,” said Ng.

“The repercussions of cyberattacks are immense — from substantial financial losses to disruptions in essential medical services and compromising patient data,” added Ng. “The fact that more people are being alerted about their personal information surfacing on the dark web further underscores the urgency of the situation.” 

With healthcare institutions across the region rapidly digitising and introducing more technology into healthcare, the importance of strengthening cybersecurity cannot be emphasised enough. 

As governments across the APAC region look into imposing stricter data-protection laws, it’s crucial that healthcare entities don’t just rely on the bare essentials. 

“While regulatory measures are essential, waiting for them might be detrimental,” said Ng. 

“Healthcare organisations need to prioritise cybersecurity now,” he said. “This involves regular risk assessments of the entire attack surface, consistent employee training, and continuous proactive monitoring.”

Tenable recommends that healthcare organisations in APAC conduct regular risk assessments to identify vulnerabilities, provide cybersecurity training to employees, and maintain continuous monitoring of systems to detect potential threats.

The company also recommends implementing preventive and proactive measures to protect sensitive data, such as encryption and access controls, and having a plan in place to respond to a cyberattack.