Since the first Geneva Convention was signed, medical workers have been granted special status and hospitals have been recognized as neutral territory. In the future, we will probably need some kind of online counterpart; healthcare companies suffer from cyberattacks no less than other targets do. The big difference is that in the case of public health companies, what\u2019s at stake is not only business, but also human health.<\/p>\n
However, even if such a convention comes into force, it will not rid medical companies of the necessity of providing full-fledged protection against cyberthreats. Quite often, malefactors launch \u201cmass destruction\u201d attacks, and as much as they would like to affect the way the victims are chosen, altering the selection isn\u2019t possible.<\/p>\n
For example, take a couple of recent epidemics<\/a>, WannaCry and ExPetr. At first glance, both seemed to be encrypting attacks, and both affected a vast number of healthcare enterprises.<\/p>\n The first, the notorious WannaCry, launched on May 12, 2017. During the Trojan\u2019s first days, more than 200,000 computers fell victim. Those damaged the most by the attack included organizations participating in the British National Health Service (NHS). Clinics across both England and Scotland<\/a> were affected. Some of them turned off their e-mail services to prevent infection from penetrating local networks. Many clinics even had to ask their clients to turn to other clinics\u2019 services if they didn\u2019t require urgent medical treatment.<\/p>\n The second epidemic, ExPetr, spread through the servers of Ukrainian tax reporting software. Therefore, companies filing their tax documents, including healthcare companies, were at risk. It was not only Ukrainian companies that suffered; a large Russian private medical company, INVITRO, which specializes in laboratory analyses, was among the attack victims as well. The company\u2019s computers were out of order for about five days.<\/p>\n Both epidemics encrypted computer data, and in both cases, decrypting the data was not possible even if companies paid the ransom. But the most important point here is that WannaCry and ExPetr would not be such dreadful threats if the affected companies had a considered cybersecurity strategy in place.<\/p>\n