Since the healthcare industry entered the digital transformation era, it has been a prime target for malicious cyber groups that are looking to cause discord and make unethical gains.
Just this year, UCSF Medical school had to pay $1.14M in ransom to hackers who stole their data and left servers inaccessible. The London research lab Hammersmith Medicines Research that was working with the British government to test COVID-19 vaccines also suffered an attack, as did eResearchtechnology (ERT), a medical software company that supplies pharma companies with tools for conducting clinical trials – including trials for COVID-19 vaccines. German authorities reported in September that what appears to have been a misdirected hacker attack caused the failure of IT systems at a major hospital in Dusseldorf, and a woman who needed urgent admission died after she had to be taken to another city for treatment.
The current multi-industry shift to digitise workflows and promote remote working due to the COVID-19 pandemic has expedited the cyber security timeline.
The Healthcare Information and Management Systems Society (HIMSS) has also warned that healthcare should prepare their systems for more aggressive and covert ransomware attacks in the near future.
Impact of the pandemic on healthcare cybersecurity
Cyber challenges have been pointed out by security researchers long before the COVID-19 pandemic. A characteristic example is that of connected medical devices whose security software have not been updated. The importance of such threats is reflected by the emergency alert that was released by the FDA last year warning that Medtronic MiniMed insulin pumps were vulnerable to potentially life-threatening cyberattacks. The ongoing digitalisation of patient data and the growing reliance on connected medical devices is creating a massively expanded threat landscape for the healthcare industry.
The situation has worsened with the crisis of COVID-19, which has urged healthcare organisations to adjust to rapid change with telehealth adoption seeing a massive increase of 50% between January and June 2020 in an effort by the organisations to slow down the virus spread. However, this quick response left the organisations with minimal time to prepare for facing the cybersecurity challenges while they were trying to perform adequately. Additionally, new relaxed policies allowed for more discretion to keep the industry moving.
Hospitals and the healthcare industry implemented work from home (WFH) for the first time, and securing remote networks and endpoints became IT’s primary focus. Hospital workers were stressed, anxious, and new to working from home. Coupled with the near-constant change in policy and outside consultation from government agencies, working from home hospital workers became an easy target to exploit and new phishing campaigns were deployed.
What is more, upon the new coronavirus breakout, hospitals and primary healthcare facilities were forced to allocate their already limited financial resources on equipment and staff that were necessary in order to face the situation, leaving IT security lost in the chaos.
As reported in the 2021 Horizon Report released by Fortified Health Security, more than 500 healthcare organisations have reported a breach of more than 500 patient records to the Department of Health and Human Services Office for Civil Rights from January to October 2020. According to the same report, 79% of all reported breaches were on providers, affecting around 13.5 million patients. In the same period, attacks on network servers increased by 12% when compared with the same timeframe of 2019.
It is notable that cyberattacks targeting healthcare organisations have spiked by 45% since November 2020 as COVID-19 cases continue to increase globally, according to a report published by Check Point Research a few days ago. This makes healthcare the most targeted industry by cybercriminals when compared to an overall 22% increase in cyberattacks across all industry sectors worldwide seen during the same time period. Central Europe was on the top of the list of regions impacted by the increase in attacks against healthcare organisations (145% uptick in November).
Ransomware attacks are in the lookout due to their increase by 109% annually in the US, as reported by SonicWall; Ryuk and Sodinokibi are emerging as the primary ransomware variants employed by various criminal groups, “emphasising the trend of having more targeted and tailored ransomware attacks rather than using a massive spam campaign, which allows the attackers to make sure they hit the most critical parts of the organisation and have a higher chance of getting paid,” as Omer Dembinsky, Check Point’s manager of data intelligence said.
However, email remains the most common (38%) attack vector for stealing patient data with phishing campaigns continuing to grow and becoming more sophisticated and targeted.
Possible solutions
Security experts highlight that the pandemic has acted as a wakeup call that will have a lasting impact on the healthcare industry well into 2021.
Ransomware is becoming the single biggest threat to healthcare cybersecurity. Mitigation strategies include cybersecurity awareness training for employees around phishing, implementation of Intrusion Detection Systems (IDS), blocking suspicious IP addresses, and other best practices. Experts advise to look for trojan infections, as ransomware attacks do not necessarily start with a ransomware. The use of anti-ransomware solutions could also be employed. With most ransomware attacks in the past year having taken place during weekends and holidays when IT staff are less likely to be working, vigilance should be raised during these days.
Telehealth has finally become mainstream. It’s been a lifeline for patients and providers during the pandemic, with US Medicare even allowing for greater coverage. While it is enabling continuity of care, it does pose new cybersecurity challenges. Healthcare organisations need to be vigilant about the platforms they choose, how they are used, and the networks where they sit. Organisations might consider practices like penetration testing to check the stability of the system.
Many of the current cyber attacks start with a targeted phishing email that does not even contain malware, just a socially-engineered message that encourages the user to click on a malicious link, or to supply specific details. User education to help identify these types of malicious emails is often considered one of the most important defences an organisation can deploy.
Future situation
The whole humanity and, of course, the companies are expecting 2021 with the hope to be a better year in all aspects. With the adoption of remote work having expanded during and due to the COVID-19 pandemic, security professionals and IT departments have had a stressful year. While vaccines are becoming available to the population, many organisations are planning to continue with remote work until at least late spring 2021 while others will continue to migrate to a hybrid model as part of their long-term business plans. With all of this in mind cyberattacks and digital transformation are expected to continue. While the winter of 2021 will still experience the impact of COVID-19, the overall situation around technology, security, privacy, and business appears to be more optimistic. 2021 is expected to be the year that companies will hopefully mature into employing and deploying new, and safe, digital models.
#databreach #dataprivacy #cybersec #cybersecurity #infosec #cyberattack #hacked #phising #ransomware #datasecurity #dataprotection #healthcare
Sources
https://thehackernews.com/2021/01/healthcare-industry-witnessed-45-spike.html
https://www.securitymagazine.com/articles/94306-security-predictions-for-2021