Institutions and companies in the healthcare sector have been bravely fighting to save lives since the COVID-19 pandemic started, but they have also had to shift center to another type of viral attack. Since March, healthcare organizations have been targeted with multiple cyberattacks from threat actors who want to earn the most of any vulnerability in their systems.
The COVID-19 pandemic has devised a new reality for the healthcare sector globally testing its limits. The healthcare sector is currently facing an overwhelming situation as it has become a primary target or collateral prey of cybersecurity attacks. Malicious actors taking benefit of the COVID-19 pandemic have now launched a series of targeted phishing campaigns and ransomware attacks. Hospitals have moved their focus and resources to their primary role i.e. managing imperative health crisis and this has placed them in a vulnerable position when it comes to cyber threat protection.
Hospitals, and the whole healthcare sector must employ additional security measures to protect against a pending threat.
In March, the Czech Republic hospital accountable for running most of its COVID-19 testing, Brno University Hospital, was taken to ransom and forced to shut down its IT Network.
The World Health Organization (WHO) announced that it was experiencing double the normal number of cyberattacks against its systems, including hackers spreading malicious sites impersonating the WHO’s internal email system.
Both the UK National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA) have now announced an urgent warning after uncovering a string of cyberattacks launched by competing states against healthcare organizations fighting COVID-19, with attackers conducting large-scale password spraying campaigns. Likewise, Interpol has cautioned about a notable rise in the global number of ransomware attacks, and the FBI has announced a warning about Kwampirs malware targeting healthcare supply chains.
According to Interpol, cybercriminals have consistently attempted to take advantage of organizations that immediately deployed remote systems and networks to maintain the shift into a remote workforce. Hackers have also targeted the rise in security vulnerabilities to steal data, disrupt operations, and make profits.
Threat actors also frequently deployed disruptive malware against healthcare organizations and important infrastructure, given the likelihood of high impact and financial profit. In particular, Ransomware spiked in April 2020, used by various threat groups that had previously been relatively quiescent.
COVID-19 Related Attacks
Recent ransomware attacks have targeted institutes conducting confidential COVID-19-related research, including firms and groups producing a vaccine for the virus.
In March, for instance, the Maze ransomware hacking group struck a British research organization that was preparing to conduct trials of a COVID-19 vaccine. The hackers published thousands of personal medical records stolen from the company’s servers after the company, which declared it lacked funds to pay a ransom, refused to pay.
In April, the U.S. firm 10x Genomics—which performed sequencing research from the cells of subjects who had recovered from COVID-19—suffered a ransomware attack. The hacking association Sodinokibi took credit for that attack, alleged to have stolen one terabyte of sensitive data, and publicly published some of that information.
In June, hackers infiltrated servers in the epidemiology and biostatistics department of the University of California at San Francisco. UCSF, then between research into a COVID-19 treatment or vaccine, hired a professional negotiator and accepted to pay a \$1.14 million ransom for the decryption key.
These attacks prove that hackers capitalize on the vulnerabilities exposed by changing work patterns, such as prolonged use of personal e-mail accounts and “shadow” IT. However, the development in ransomware incidents specifically further proposes that high-stakes COVID-19 research may make companies particularly attractive targets because, as the director of the U.S. National Counterintelligence and Security Center warned in the initial days of the pandemic, “there is nothing more valuable or worth taking than any type of biomedical research that is going to assist with a coronavirus vaccine.” Because of the urgency produced by the global health crisis and the value of becoming the first to market a vaccine, the researchers may be more prepared to cut corners with technology security and more likely to give high ransoms to minimize work disruptions. The situation is irresistible to hackers, as even groups such as Maze, which publicly pledged to refrain from attacking healthcare organizations throughout the pandemic, advance to mount attacks.
Airgap Defense: Airgap’s Zero Trust Isolation technology blocks all unauthorized lateral movement within the network.
Why Are Cyber Criminals Preying on The Healthcare Sector?
Since the start of the coronavirus pandemic, there has been a notable increase in the number of cyberattacks on healthcare organizations, especially those at the forefront of dealing with the situation, including research organizations, hospitals, and pharmaceutical companies, and labs.
The current pandemic has worsened the situation, expanded the spectrum of the threat and target list, and produced many basic vulnerabilities that stakeholders have neglected to the surface, making healthcare organizations much more vulnerable.
Cyberattacks against the healthcare business are nothing new, there are some of the most attractive records for scammers trying to commit fraud, identity fraud, or credit card scams. Alongside attempts at data mining, ransomware attacks have intensified. There’s a life-or-death urgency in getting medical systems back up and working as quickly as possible, so hospitals may be more likely to pay up. Plus, the healthcare industry significantly delays others in cybersecurity, lacks digital literacy among personnel, inadequate regulations and enforcements, and outdated software, making it an easy target.
The incorporation of many interconnected Internet of Things (IoT) devices also makes healthcare organizations uniquely weak. While medical devices require to connect in a modern hospital system to operate effectively, every connection can open up a new gateway for hackers to obtain devices, connected points, or networks when the system is implemented inadequately. While knocking a hospital’s internal communication system offline is serious enough, when it comes to interfering with devices like ventilators or robotic surgical devices, the danger becomes even more urgent.
So far, in 2020, more than 5.6 million patient records have been infiltrated.
Airgap Defense: Airgap prevents any lateral scanning attempt. If under Zero Trust, an intruder breaches the perimeter controls, compromises a misconfiguration, or bribes an insider, they will have extremely restricted access to sensitive data, and safety measures would be in place to identify and respond to suspicious data access before it becomes a threat.
“Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19,” said Jürgen Stock, Interpol Secretary-General, in a statement. “The increased online dependency for people around the world, is also creating new opportunities, with many businesses and individuals not ensuring their cyber defenses are up to date,” he added. “The report’s findings again underline the need for closer public-private sector cooperation if we are to effectively tackle the threat COVID-19 also poses to our cyber health.”
Healthcare organizations will need to maintain focus on cybersecurity basics, even as they strive to launch new initiatives. Collaboration with cybersecurity leaders and the demand for pen testing will also be crucial to identify better and understand the threat landscape and possible vulnerabilities.
About Airgap Networks
Airgap helps implement comprehensive Zero Trust in minutes without the need for agents, APIs, or forklift upgrades. The patent-pending Zero Trust Isolation platform assures threat propagation protection. Airgap’s solution can be deployed in minutes, not months. Visit airgap.io to learn more or to schedule a demo.