Cyber Threats to the Healthcare Sector in the New Normal
The COVID-19 pandemic has seen a huge rise in cybercrime with the healthcare sector having been one of the main targets. Clearly, healthcare organizations (HCO) faced with the biggest public health crisis in memory didn’t need this added distraction and threat.
It’s difficult to comprehend the thinking of criminals who would carry out such attacks, but some cybercrime gangs such as Maze have claimed the moral high ground and indicated that they will stop attacks on healthcare organizations during the pandemic. Of course, no-one can be sure how much we can trust such declarations.
The coronavirus pandemic has caused terrible losses and damage that has been added to by a rise in cybercrime. But to make matters much worse, cyberattacks have been particularly damaging for the healthcare sector.
Attacks targeted healthcare at an early stage in the pandemic
Microsoft reported that ransomware groups had planned for months to activate multiple attacks in the first two weeks of April 2020. Data from a detection and response team showed that in many cases the compromises that enabled these attacks occurred in the months before, but the attackers were waiting for the critical moment at which they could maximize their financial gain. Unsurprisingly, this came at the time when HCOs were at their most vulnerable. These kinds of Advanced Persistent Threat (APT) attacks commonly breach networks by exploiting basic levels of authentication, or outdated systems and servers.
There was a 45% increase in cyber attacks on healthcare in the last two months of 2020
A report from Check Point showed a sharp increase on previous months which appears to have been financially motivated. For other industry sectors, the average rise in attacks for the period was 22% – less than half that of the attacks targeting HCOs. The data showed a weekly average of 626 attacks for every HCO in November, as compared with 430 in the previous month. This increase included ransomware, Distributed Denial Of Service (DDOS) attacks, botnets, and remote code execution. By far the biggest rise was in ransomware attacks, mainly from the Ryuk and Sodinokibi ransomware groups.
A greater dependency on remote access has increased risks to organizations
The coronavirus pandemic has led to a huge increase in employees working remotely. This tendency has amplified security risks from a number of sources such as vulnerable network infrastructures and poor security on mobile devices. This is particularly true in the healthcare industry, where a higher level of vulnerabilities is caused by employees that need immediate access to organizational data and are therefore dependent on mobile devices to access their networks. It only takes a single compromised device for hackers to access the entire network and launch a damaging attack.
Healthcare organizations are often much more susceptible to attacks
Unfortunately HCOs can often be seen as an easy target for hackers. Recent advances in healthcare technology have meant that there is a wide range of connected devices and equipment throughout well-equipped hospitals and medical centers. This means that there are more endpoints for hackers to target and then access the server. The devices do not actually need to be connected to the corporate network to represent a potential entry point.
This is only the beginning of the security challenges for healthcare organizations. The very nature of HCOs means that information needs to be shared immediately and constantly. During a medical emergency, security is naturally not the first concern. Hospitals frequently have busy schedules and limited budgets so they can be slow to update computer systems, which makes them more vulnerable to security breaches. Healthcare workers are also often pushed to their limits so it is easy for best security practices and safeguards to be neglected.
Attacks on healthcare organizations are more profitable for cybercriminals
One thing that attracts hackers to HCOs is that they store a large amount of confidential data which is a valuable commodity in their eyes. They are easily able to sell this valuable data to others who can profit from it, and this makes the healthcare sector an increasingly common target for attacks. Due to regulations like HIPAA and GDPR, HCOs have more reason to avoid data breaches that could result in heavy penalties. Sadly, this means that they can be identified as organizations that are more likely to pay ransoms which, in turn, makes them more attractive prospects for attackers.
The security challenges faced by healthcare organizations have intensified during the coronavirus pandemic, which has already had a devastating impact throughout the world. Cyber threats are constantly evolving so security measures need to be sufficiently sophisticated and HCOs vigilant to deal with Advanced Persistent Threats (APT) and other attacks. HCOs can no longer afford to deploy anything but the highest level of security defences to ensure they are not the next victim of pernicious cyber attacks.
NewPush are the security and compliance experts that optimize cyber defences for every healthcare organization.