Tenable Raises Concerns About Healthcare Cyber Threats in APAC

Discover the urgent cybersecurity challenge facing healthcare institutions in the Asia Pacific region as cybercriminals shift their focus.

Tenable®, the company specializing in Exposure Management, is shedding light on a concerning shift in the strategies employed by cybercriminals. These malicious actors are now turning their attention to targets that may not possess substantial financial resources but can inflict significant harm when compromised. Notably, they are increasingly targeting healthcare institutions throughout the Asia-Pacific (APAC) region.

Tenable’s latest Threat Landscape report has unveiled a disconcerting trend: healthcare emerged as the primary sector targeted by ransomware attacks in 2022, accounting for 35.4% of all analyzed breach events. This marks a substantial increase from its previous share of 24% in the preceding year.

The recent surge in cyberattacks against healthcare facilities in the Asia Pacific region underscores the urgency of the situation. This includes prominent incidents such as the 2023 breach of India’s Covid-19 vaccination portal, which led to the unauthorized exposure of healthcare and personal data for millions of individuals. Another instance is the cyberattack on Hong Kong’s OT&P Healthcare group earlier this year, potentially exposing the personal data and medical history of over 100,000 patients. These breaches, among others, have the potential to result in widespread unauthorized disclosures of healthcare and personal data.

According to the IBM Security Cost of a Data Breach Report for 2023, the costs associated with healthcare data breaches have surged by 53.3% since 2020. For the 13th consecutive year, the healthcare sector has reported the highest data breach costs, averaging USD 10.93 million.

Nigel Ng, Vice President of Asia Pacific and Japan at Tenable, cautioned, “Traditionally, cybercriminals have been drawn to high-yield targets like the banking, finance, and pharmaceutical sectors. However, it is increasingly evident that they are shifting their focus towards healthcare information. This shift is partly due to the slower pace at which healthcare providers in our region are adopting preventive cybersecurity measures.”

Ng added, “The consequences of cyberattacks are significant, ranging from substantial financial losses to disruptions in critical medical services and the compromise of patient data. The growing awareness of personal information appearing on the dark web underscores the pressing nature of this situation.”

As healthcare institutions in the region rapidly digitize and incorporate more technology into their operations, the importance of bolstering cybersecurity cannot be overstated.

While governments across the APAC region explore stricter data protection laws, it is crucial for healthcare entities not to rely solely on the minimum requirements. Ng stresses the need for a proactive approach, stating, “While regulatory measures are vital, waiting for them could be detrimental. Healthcare organizations must prioritize cybersecurity immediately. This entails conducting regular risk assessments across the entire attack surface, providing consistent employee training, and maintaining continuous proactive monitoring.”

Tenable offers the following recommendations to healthcare organizations in the Asia Pacific region to safeguard themselves against cyberattacks:

1. Conduct regular risk assessments to identify vulnerabilities.
2. Provide cybersecurity training to employees.
3. Maintain continuous system monitoring to detect potential threats.
4. Implement preventive and proactive measures to safeguard sensitive data, including encryption and access controls.
5. Have a well-defined plan in place to respond to a cyberattack.

Highlighting the trust placed in healthcare institutions, Ng also pointed out, “Healthcare entities are more than just service providers. They are pillars of trust in our communities. Safeguarding against cyber threats isn’t just about data; it’s about ensuring the well-being of countless individuals and maintaining the seamless delivery of vital medical services.”

The escalating threat landscape in the Asia Pacific region demands immediate and proactive measures from healthcare institutions to protect the sensitive data and critical services upon which countless lives depend. As cybercriminals increasingly set their sights on this sector, the need for comprehensive cybersecurity strategies, rigorous risk assessments, employee training, and continuous monitoring cannot be overstated. Tenable’s insights and recommendations serve as a critical wake-up call for healthcare organizations. While regulatory support is essential, waiting for such measures to catch up may prove costly. The time to act is now, as safeguarding patient information, preserving essential medical services, and fortifying the healthcare industry against cyberattacks has never been more critical.