At a time when healthcare services are already under pressure all over the world, this sector remains one of the main targets of cyberattacks. Unfortunately, patient care data provides all the elements cybercriminals need to tamper with documents and access financial data, increasing these attacks dramatically. Recently, the Red Cross has discovered that an unpatched vulnerability led to compromising the personal data of more than half a million extremely vulnerable persons.
INTERPOL has also warned of the #cyberthreat to the #healthcare industry during these troubled times. With #ransomware attacks against hospitals increasing, #INTERPOL is working with police worldwide to mitigate and investigate these threats https://t.co/Zv6T7m6riE https://t.co/Dbcd8HQqXZ
— INTERPOL_Cyber (@INTERPOL_Cyber) April 21, 2020
According to a cyber security player, malicious cyber acts targeting healthcare have increased by 475%, i.e., five times more attacks than usual. So much so that Interpol took up the subject by publicly expressing alarm at the proliferation of cyberattacks in health establishments.
The CyberPeace Institute reviewed data from over 235 cyberattacks on the healthcare industry in 33 countries, excluding the data breaches. While this represents a small portion of the total number of such attacks, it serves as a valuable signal of the growing negative trend and its consequences for critical care access.
Over 10 million records, including patient medical records, social security numbers, HIV test results, financial data, and the personal information of medical donors, have been taken. On average, 155,000 records are breached during an attack on the industry, although the number can be much higher, with some events reporting breaches of over 3 million records.
For example, following a cyber attack in October 2020, Indian drugmaker Dr. Reddy’s Laboratories was forced to shut down many production plants. A fortnight later, Lupin also has confirmed that an information security incident has affected its IT systems.
Cyber Security Threats In Healthcare Sector
In order to discover the best solutions, it is critical to know and comprehend the threats that hospitals and healthcare facilities confront. Therefore, the Department of Health and Human Services’ Health Sector Cyber security Coordination Center (HC3) issued its Q4 2021 Healthcare Cyber security Bulletin, warning of some of the ongoing cyber attack patterns projected to continue in Q1 2022.
DNS Targeted Attacks
Malware capable of modifying the DNS is another potential threat. These modify a system’s DNS settings and allow cyber attackers to modify the router’s configuration, which then diverts users to hacker-controlled websites.
Apache Log4J
The Apache Log4J library vulnerabilities, the first of which were made public in late November 2021, continue to cause concerns for healthcare businesses. Multiple threat actors have been attacking the vulnerabilities since a proof-of-concept exploit was revealed in December 2021.
Ransomware
Ransomware remains to be a major threat to healthcare institutions. Ransomware is often spread via phishing emails, which trick users into clicking URLs, downloading documents, or clicking attachments. The presence of ransomware within IT systems in the healthcare sector increases not only the risk but also the legal liability of the institutions concerned.
Hacking Medical Devices and IoT Threats
Hacking medical devices is an ongoing risk for healthcare cyber defence teams. These devices generally cannot support hotspot security or other software. Thus, they cannot inherently identify malicious activity or block it. Once malware circulates in hospital networks, it can easily attack medical devices. Close monitoring and analysis of traffic emerging from these devices can aid in the detection and prevention of threats before they result in a data breach.
Emotet Botnet
Emotet malware initially surfaced in 2014 and has been widely utilized in healthcare-related cyberattacks. Infected devices are linked to the botnet, and accessibility to those systems is sold to many other threat groups, which commonly results in ransomware attacks. Because Emotet is expected to pose a substantial danger to the healthcare industry until 2022, it is critical to strengthen defences.
To Conclude
The severe scarcity of competent cyber security experts continues to be a source of concern, as a robust, smart digital workforce is required to tackle the increasing number and severity of cyber security attacks in the healthcare sector. That is where Acmetek can help you out, particularly on the most major challenges confronting today’s cyber security experts with its world-class SSL certificate, code signing, and other comprehensive security services.
