As the global healthcare sector battles the ongoing Covid-19 pandemic, the number of cyberattacks targeting it has surged. In March, the Czech Republic hospital responsible for running most of the country’s Covid-19 testing, Brno University Hospital, was held to ransom and forced to shut down its IT Network.
Just days later, the US Department of Health and Human Services (HHS) was the victim of a foiled distributed denial of service (DDoS) attack. Meanwhile, the World Health Organisation (WHO) revealed that it was experiencing double the usual number of cyberattacks against its systems, including hackers running malicious sites impersonating the WHO’s internal email system.
Both the UK National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA) have now issued an urgent warning after uncovering a string of cyberattacks launched by rival states against healthcare organisations fighting Covid-19, with attackers carrying out large-scale password spraying campaigns (testing common passwords across a huge number of accounts). Likewise, Interpol has cautioned about a significant rise in the global number of ransomware attacks and the FBI has issued a warning about Kwampirs malware targeting healthcare supply chains.
Cybersecurity company BrandShield CEO Yoav Keren says: “I can’t reveal the names of our customers, but I can tell you that almost all the companies that are in front of the fight against Covid-19 are our customers, and we’ve seen a surge across the board.”
Computer Weekly reported a 15-fold increase in phishing attacks in the first half of March compared to the total recorded for the month of January, and Bitdefender reported a 60% month-on-month increase in hospital cyberattacks in March. The C5 Alliance has estimated an increase in attacks of 150%.
Why are cybercriminals targeting the healthcare sector?
Software security company Irdeto’s vice president of business development Steeve Huin says: “Since the beginning of the coronavirus pandemic, there has been a significant increase in the number of cyberattacks to healthcare organisations, especially those that are at the forefront of dealing with the situation, including hospitals, research organisations, pharmaceutical companies and labs.
“The current pandemic has exacerbated the situation, expanded the spectrum of the threat and target list, and brought many basic vulnerabilities that stakeholders have ignored to the surface, making healthcare organisations much more vulnerable.”
Cyberattacks against the healthcare industry are nothing new – health records provide some of the most comprehensive individual profiles imaginable, and so are one of the most attractive records for scammers attempting to commit fraud, identity theft or credit card scams. Alongside attempts at data mining, ransomware attacks have escalated – there’s a life-or-death urgency in getting medical systems back up and running as quickly as possible, so hospitals may be more inclined to pay up. Plus, the healthcare industry significantly lags behind others in terms of cybersecurity, with a lack of digital literacy among personnel, insufficient regulations and enforcements and outdated software making it an easy target.
The presence of many interconnected Internet of Things (IoT) devices also makes healthcare organisations uniquely vulnerable. While medical devices need to connect to each other in a modern hospital system to operate effectively, each connection can open up a new gateway for hackers to access devices, connected points or networks when the system is implemented poorly. While knocking a hospital’s internal communication system offline is dangerous enough, when it comes to interfering with devices like ventilators or robotic surgical equipment, the danger becomes even more urgent.
“This is a perfect scenario for malicious and destructive activities sponsored by large criminal organisations, terror organisations and hostile countries,” says Huin. “Imagine seizing or shutting down a large healthcare centre, or a group of hospitals across a city or state or even a country. In this scenario, an enemy has compromised national security of the target country without firing a bullet.”
Essentially, more IoT devices in a network means more entry points for hackers.
Cybersecurity company Forescout vice president Myles Bray says: “Once they’re inside a network, it’s very easy for hackers to turn left and turn right. You really want to stop them at the point of entry if you can; having an understanding of everything that’s connected to your network is the first step to having a very good chance of being able to defend yourself. If you know everything that’s on the network, the devices and infrastructure, then you’ve got a much better chance of stopping these attacks.”
How can the attacks be avoided?
There are numerous ways for healthcare organisations to protect themselves from a Covid-19 motivated cyberattack. Making sure to invest in software and firmware with good internal security is paramount, as is keeping on top of software updates, which often include patches to protect against the latest threats.
Likewise, ensuring information is backed-up, employees have good digital literacy and passwords are changed regularly are simple steps that can be taken to prevent an attack.
Bray also recommends something called a zero-trust approach, a security concept that organisations should not automatically trust anything either inside or outside of its perimeters, verifying everything trying to connect to its systems before granting access.
“A zero-trust approach is becoming much more common, ensuring that you don’t assume anything about devices on your network,” he says. “You look to defend every piece of infrastructure and ensure that you’re asking sensible questions about whether a piece of infrastructure is operating as it should be.”
Alongside a zero-trust approach, network rings can also be very helpful for healthcare companies concerned about cyberattacks during Covid-19. A network ring is a configuration in which device connections create a circular path, where packets of data travel from one device to another until they reach their intended destination. This limits the damage hackers can do if they are able to infiltrate a network, as they will be trapped within the ring.
It’s unfortunate that cybercriminals are taking advantage of a global pandemic to target healthcare companies while they’re under intense pressure. But it’s also possible for their attempts to target hospitals, doctor’s surgeries and research centres to be shut down before they’ve even started. As Covid-19 continues to infect thousands around the globe, it’s vital that healthcare organisations place cybersecurity on a higher pedestal than it has been in the past, or face serious consequences for themselves and the patients they serve.