The health and medicine sector are increasingly digitized, a trend that will accelerate with more widespread adoption of artificial intelligence, wearables and internet of things-based healthcare. Yet, this digital transformation carries notable cybersecurity threats. While there is ample evidence on cyberattacks to this sector, information on whether they cause health impacts is contradictory, in particular whether they have, subsequently, contributed to severe health outcomes.
In order to explore this inconsistency, we used the Europe Media Monitor (EMM) to retrieve media content on cyber incidents in healthcare settings reported in several European languages over one year. We focused on cyber incidents with reported impact to patients’ health by using selected combinations of keywords and appropriate exclusion criteria. We retrieved 21 cyber incidents with potential health impacts such as postponed therapies, delayed surgeries. Notably, for none of the incidents adverse health effects (e.g. injury, deterioration of health, death) were reported.
This study reveals cyber vulnerabilities in the EU healthcare sector and further highlights the challenge of characterising cyber incidents in regard to their health consequences. Hurdles are a lack of consistent evaluation and reporting criteria and a lack of frameworks for assessing causality. We alert that such tools need to be developed in order to prepare for the rising risk of cyber incidents in an increasingly digitised healthcare environment