Vihren Slavchev: Cyberattacks endanger patients’ lives

Vihren Slavchev is the cybersecurity company Mnemonica co-founder and CEO, and Digital Health and Innovation Cluster Bulgaria (DHI Cluster Bulgaria) co-founder. The focus of his business is on the field of information security and regulatory compatibility. Vihren himself is an expert in the field of cyber defence in medical institutions, data storage methods, and the damage from frequent threats. 

Mr. Slavchev, you work with clients from different sectors. What differences do you notice in terms of cyber-attacks in healthcare and large financial institutions? 

Cybersecurity is one of the priorities for any organization – regardless of the sector. The need for adequate protection in the digital environment became obvious when most employees started working from home. That has increased the challenges for professionals. Today, they need secure access from more and more vulnerable points. 

According to a study in the recent months, almost ⅕ of all employees per organization have asked for permission to violate digital security protocols. The underestimation of the danger allowed 1/3 of all breakthroughs to be made through profiles that have access to sensitive information. The result is employees’, partners’, and third parties’ data leakage. 

The last large-scale cyberattack we witnessed was not against a single hospital or an organization, but against an entire healthcare system – that of Ireland. The fact that the hackers finally handed over the decryption code, which allows normal work of the medical authorities, showed that their big goal was not the theft of information. They have blocked an entire sector. For medical facilities cyber-attacks are more dangerous because hackers can stop the work process, which is a direct threat to human life. Disruption of work processes in a healthcare facility inevitably leads to a lack of adequate treatment for patients. 

During the forum “Cybersecurity in healthcare or how to build digital trust”, which you organized in July together with the DHI Cluster Bulgaria, you presented the results of a survey among hospital directors, medical and IT specialists. According to them, what are the main challenges facing the health sector in Bulgaria in terms of cyber defence?

Cybercriminals are becoming more aggressive. Unfortunately, our country is not lagging these processes, thus the attacks against the medical structures in our country also mark a significant increase. The survey results showed that nearly half of the health organizations reported cyberattacks, and ⅓ of them (36%) had a breakthrough. In this context, 72% of respondents admit that they do not have policies and procedures for responding to cyber threats. 

Managers are wondering how to find time and resources to ensure the technical parameters of digital security. Globally, the trend for them is to seek the provision of cybersecurity from outside the company. Any organisation’s information security and incident prevention costs can be reduced by 50% if Security Operations Centre (SOC) is used as a service. The reaction time is reduced to 30 minutes. Our data shows that once a malicious code has entered the system, it only takes 45 minutes before it starts to cause damage. 

What causes the delay in meeting the requirements of the Ordinance on the minimum requirements for network and information security? 

This Ordinance has existed for 2 years but has not yet gained popularity. People just do not talk about that. The same goes for cybersecurity law. However, the implementation of the General Data Protection Regulation (GDPR) is different. In the case of GDPR there are serious fines – up to 4% of the company’s total turnover or up to 20 million euros. This attracted attention and created a wide reaction. 

What are the real-life examples that come to mind when you talk about cybersecurity in front of hospitals? 

The criminals took advantage of the current unprecedented health situation. Over 900 unique fraud models have been developed in recent months. Most often they are related to the danger to our health. Popular criminal schemes include phishing attacks (54%) and tracking software (46%). Encryption viruses also remain a common threat, accounting for more than ⅓ of all possible cyberattacks. 

Medical structures from the periphery of interest of fraudsters have become the centre of attacks. A massive attack gave an unfortunate result in the middle of last year. A patient lost his life after a digital attack on a hospital in Germany. After hacking, the systems of the Düsseldorf University Hospital collapsed, and it became impossible to process data at the premises of the hospital. Emergency patients were referred to other hospitals and operations postponed. A woman in critical condition had to travel 30 km. to another medical centre. She died due to untimely treatment. This is another piece of evidence that the digital threat has a real impact. 

Is it possible for the patient to contribute to the transition to well-protected health platforms? 

Patients must insist that their data are protected and at the same time to exercise control over the process. They should be regularly informed about where and how their data is stored, who has access to it and, accordingly, what their current rights are. 

What is the change you want to see among healthcare professionals’ opinions concerning patient health databases protection? 

It is important for organizations that the solutions they use are reliable, budget-friendly, and scalable. For us as experts in cybersecurity, it is essential for medical professionals to take care of digital health as well as physical health. It is essential to distrust any attempt to access their personal information or the digital information of the structure where they belong. About 70% of the cybercriminals time is spent on the so-called “social engineering.” 

According to Microsoft, more than 13 billion malicious emails have been blocked in the past 12 months, and more than 2 million URLs are created each month to retrieve personal information. That is why it is extremely important for health professionals to be aware of the possible ways of fraud. Security breaches occur mainly due to the lack of knowledge of the victims. I will quote again data from the survey, which we conducted jointly – up to 80% of the health structures in our country do not conduct regular training of those responsible for information security in order to increase the level of protection. Above all, we would like to see people in the health sector who treat cybersecurity in the same way as they treat their physical health. 

Why did Mnemonica co-found the DHI Cluster three years ago? 

I think it’s crucial that a company like Mnemonica is one of the co-founders. The fact is that there is no area that does not need cybersecurity. Moreover, there are sensitive data in healthcare, so the need for protection is high. The DHI Cluster combines the knowledge of all companies and builds up an innovative health ecosystem. Our intersection is digitalization and innovation. Everyone has their own experience thereby we contribute to building a sustainable and efficient health system in Bulgaria. An excellent example showcasing this cooperation, is the Digital Healthcare Sectoral Strategy, which can optimize several processes and thus remove a heavy burden from physicians and patients.