Health techs targeted by cybercriminals: users and patient data are at risk

Oct 25, 2021

During the pandemic, the health market underwent a drastic change, rapidly expanding and creating space for numerous health startups. Whether they offer online consultation apps, wellness services, or platforms for clinics and laboratories, health techs received a massive $31.6 billion in investment in the first quarter of 2021 alone.

The growth of this sector also means that more and more data is constantly being collected, processed, stored, and discarded. A survey conducted by the Regional Center for Studies on the Development of the Information Society (Cetic) showed that doctors frequently consult confidential information about patients available electronically, such as the reasons that led them to seek care (68%), registration data (63%), and laboratory test results (57%).

Medical data of patients and users are a feast for cybercriminals
Health techs handle an extremely sensitive category of information: data about the health of their clients and users. Diagnoses, treatments, dosages, exams, histories… All this confidential data adds up to an exorbitant value that is very attractive to cybercriminals. Ransomware, the data-kidnapping malware that is the sector's biggest cybersecurity concern, is projected to cause losses of up to $20 billion in ransom in 2021.

6 out of 10 hospitals do not view cybersecurity as a priority
Even with numerous alerts, research, and attacks on large organizations (such as the breach of the Ministry of Health and the data leak from SUS), 60% of hospitals still do not consider cybersecurity a priority. This is the finding of the Perspectives in Healthcare Security survey, developed by CyberMDX in collaboration with Philips and conducted in August 2021.

The challenges of health techs are many—and can seem insurmountable
In addition to the inherent challenge of starting a business in a country like Brazil, during a time of economic instability and with an incessant need for growth (which is no surprise to any startup), we must consider additional difficulties before judging health techs.

Limited resources: Large hospitals and laboratories can at least count on robust cybersecurity teams and far more generous budgets than startups in the field. These startups face the same risks and threats to the sensitive data they hold, without the necessary security structure.

Compliance: Given the sensitivity of the data, the General Data Protection Law (LGPD) and its possible sanctions represent another challenge, putting health techs at risk not only financially, in case of leaks or security incidents, but also in terms of credibility, which can push away new business, halt services, and result in lost contracts.

Security by Design: thinking about security from the start
Many companies and startups have turned to a cybersecurity implementation model that has recently become popular, known as "Security by Design." The concept proposes that all business processes begin with security as one of the pillars rather than being implemented only at the end of the project.

For Fertilid, a platform for monitoring ovarian fertility, Security by Design was incorporated into the company’s DNA from its inception. Founder Amanda Sadi says that this decision even positively affects the startup's valuation.

"For us, it was natural to think about cybersecurity from the beginning. Not only because of the sensitivity of the data we handle but because we know that it is much cheaper to grow securely than to have to readjust everything later on."

Constant monitoring and reporting build credibility with partners
Unxpose is the most recommended solution for startups and SMEs. With specific plans for companies of this size, Unxpose provides constant monitoring of assets, as well as periodic and extremely educational reports that are easy to understand, explaining each vulnerability found, its consequences and specific impacts on the business, with improvement suggestions.

"In the process of closing partnerships with large laboratories, it was a big plus that we already thought about cybersecurity and had Unxpose monitoring our environment 24/7. The reports explain the health status of our security very well, which gives confidence to partners, enabling us to close more business," highlights Sadi.

Unxpose serves as an extra employee, strengthening the team
For health techs and startups that do not have the time, budget, or even a dedicated security team, Unxpose acts as an extra team member, providing visibility and prioritizing the identified weaknesses according to their relevance and impact.

"Our main focus today is on developing the product. With a small team, we wouldn't have time to focus on cybersecurity. Automating it was a natural solution. Unxpose alerts us about any critical vulnerabilities and teaches us how to fix them—that saves a lot of time," reflects Sadi.