Attacks against healthcare organizations have dramatically risen globally since the start of the COVID-19 pandemic. Canada has seen a 250% increase in the last few months. Criminals are mainly targeting the theft of personal data, health data and ransom money.
The coronavirus pandemic has affected every aspect of our lives, and the cyber-security landscape has not been spared. As healthcare institutions cope with the increase in COVID-19 cases, they became targets for attacks seeking to steal valuable information or to disrupt vital research operations. Ransomware attacks against hospitals and related organizations are particularly damaging. Any disruption to their systems could affect a hospitals ability to deliver care and potentially endanger a patient life. This is precisely why criminals are specifically and callously targeting the healthcare sector: because they believe hospitals are more likely to meet their ransom demands.
Canada has experienced a dramatic spike in attacks targeting healthcare organizations, with over a 250% uptick in attacks. According to a report on Slate, more than 1,000 healthcare organizations have been attacked with ransomware in the USA since 2016. The total cost of these attacks exceeds $157 million. In 2017, dozens of British hospitals and practices were targeted by WannaCry, and in 2019 a number of U.S. hospitals were forced to turn away patients due to another ransom attack. In Canada, CBC reported that 48% of security breaches last year were in the health-care industry. Cybercriminals are targeting Canada’s health system to exploit patient information and other data.
Ransomware attacks are becoming increasingly sophisticated. Cyber criminals threaten to reveal sensitive information from encrypted systems, and ransomware is often combined with other threat techniques, as in the case of the hospital in Benešov, where Ryuk ransomware entered IT systems using the Emotet botnet. Similarly, the Phorpiex botnet, for example, spreads the Avaddon-variant advertising.
Future brings more devices and higher protection requirements
The future in hospitals is clearly moving towards the increased use of networked devices via Internet of Things (IoT). Through the intelligent and automated communication of the various systems and devices, employees, doctors and nurses will be in an even better position to look after the physical well-being of patients and monitor risk groups. At the same time, this increased digital communication also generates more data, i.e. potential prey for cyber criminals. Similarly, more devices and more individual connection points to the Internet also mean that systems need broader and higher levels of protection. Complete security concepts must be set up for this type of new infrastructure in order to prevent virtual pests from getting in.
How do you protect against ransomware?
With a continued increase in sophistication, attackers are now focusing on other means of access to healthcare technology resources, including attacks on 3rd party contractors and other supply chain vendors servicing the healthcare community. This includes software vendors, equipment manufacturers, and other entities supplying healthcare with critical services.
As the world’s attention continues to focus on dealing with the coronavirus pandemic, it is essential that both organizations and individuals maintain good cyber-hygiene to protect themselves against the cyber pandemic. Here are a few tips to help prevent ransomware and phishing attacks:
- Hospitals have to secure important files and use automatic backups on employee devices.
- Ransomware groups often try to infiltrate organizations through phishing or spam messages, so security awareness training is critical. If employees suspect unusual activities, they must report this immediately to the security teams, just as they should report their own errors, a click and an unwanted download should be reported immediately to the IT department and, at best, to the IT security experts.
- To prevent a potential threat from spreading across the network, it is necessary to segment and ensure that employees only have access to the data they really need. However, hospitals should also deploy comprehensive security solutions, with a focus on preventive technologies such as threat extraction and emulation.
- All systems, devices and applications must be up to date. The Federal recommendation is to patch old versions of software or systems, which could be impossible for hospitals as in many cases, systems cannot be patched. Therefore, we recommend using an Intrusion Prevention System (IPS) with virtual patching capability to prevent attempts to exploit weaknesses in vulnerable systems or applications. An updated IPS helps your organization stay protected.
The COVID-19 pandemic has illuminated vulnerabilities across industries and that is why our research team at Check Point keeps a close eye on the new ways bad actors are attempting to take advantage of people and organizations. As cyber security experts it is important that we deeply understand what we’re up against so we can provide the best solutions for the ever-changing problems – ideally before something bad happens. In cyber security, like healthcare, an ounce of prevention is worth a pound of cure.