The COVID-19 pandemic has brought extensive disruption to the healthcare sector through cyber-attacks. Along with the challenge of ensuring sufficient capacity and resourcing when the healthcare system was stretched to its full capacity, the healthcare industry and pharmaceutical manufacturing plants are now also facing intensified cyber-security threats. They have been targeted in a variety of complex and coordinated cyber-attacks. According to a report, in the US last year there were 92 individual ransomware attacks that affected over 600 separate hospitals, clinics and other healthcare organizations and more than 18 million patient records. The estimated cost of the damage caused by these cyber-attacks is almost $21 billion. The annual Verizon DBIR (Data Breach Investigations Report) indicates a substantial increase in the number of data breaches and cyber-attack incidents in the healthcare industry. The healthcare industry as a whole suffered a 71 percent increase in breaches or incidents in 2020 over 2019.
The healthcare sector faces significant cybersecurity threats that are unique to it, because the lives of patients, not just fortunes, are at stake. The healthcare sector is therefore a very attractive target for cybercriminals for three main reasons:
- Cyber criminals can quickly launch cyber-attacks to steal data and sell patient medical and billing information on the darknet for insurance fraud purposes.
- Ransomware’s ability to encrypt data and lock down patient-care medical devices and back-office systems makes ransom payments likely, and therefore very lucrative.
- Internet-connected medical devices, the “Internet of Medical Things” or IoMT, are vulnerable to remote tampering.
Since the beginning of COVID-19, cyber criminals have been targeting the healthcare sector because of the potential value of patients’ health data. In addition, the healthcare industry is vulnerable to cyber-attacks because it uses legacy systems that are mostly outdated, never updated or patched, and open to attack. The healthcare sector is susceptible to paying the ransom because the disruption to medical procedures, the reputational loss, and the damage to patients’ data can be more expensive than preventing the loss by paying the ransom. In the event of a ransomware attack, healthcare organizations are seen to be prepared to pay the ransom to cyber criminals so as to avoid downtime of their systems and regain access to critical patient data. The healthcare industry has become a very lucrative target for cyber criminals because there is a much higher probability that it will pay the ransom compared with any other industry sector.
The attack vectors used by cyber criminals against the healthcare sector have varied, with a definite increase in ransomware, botnet, Remote Code Execution (RCE) and DDoS attacks. However, ransomware remains the biggest malware threat, and ransomware attacks have shown the largest percentage increase because they are financially motivated. Ransomware gives cyber criminals large pay-outs within days of conducting a cyber-attack, and ransoms are often paid in Bitcoin, which is pseudo-anonymous and difficult to trace. Paying the ransom at times allows files to be restored and prevents the release or sale of stolen sensitive patient data on the darknet. However, it is highly unlikely that cyber criminals give back the stolen data even when the ransom is paid. Healthcare service providers are required to restore access to patient data quickly, at any cost, to ensure that patient care can continue uninterrupted, especially at a time when the whole healthcare sector is under tremendous pressure from the rise in the number of new patients requiring treatment for COVID-19.
With this vast threat landscape in the healthcare sector, created by the vulnerabilities in medical devices and hospital IT networks, cyber-criminals are seeking to capitalize on these vulnerabilities and launch cyber-attacks. This includes stealing intellectual property in the form of data related to COVID-19 vaccine research and development. Because the healthcare sector was not prepared for sophisticated cyber-attacks, vulnerabilities in healthcare networks have been exploited globally. Some of the cyber-attacks that made the headlines in 2020 were:
- Cyber-attack on a Czech hospital in March 2020. The hospital was hosting one of the country’s biggest COVID-19 testing laboratories, and the attack forced its entire IT network to shut down. This resulted in significant diagnostic delays that adversely impacted patient care.
- Ransomware attack on a COVID-19 vaccine trial facility in the UK in March 2020.
- Cyber-attack on the US Health Agency in March 2020.
- Cyber-attack on the construction company building the UK’s emergency COVID-19 hospitals in May 2020.
- State-sponsored attack on UK, US and Canadian facilities developing a COVID-19 vaccine in July 2020.
The cyber-attacks on healthcare networks have been highly targeted, with the main ransomware variants delivered using a variety of methods to gain initial access, such as spear phishing emails and exploit kits. Almost all the ransomware attacks start with targeted phishing emails that use social engineering to deliver Trojans such as Emotet, TrickBot, and Dridex; the attack process commences once a user inadvertently clicks on the email. Although different variants of ransomware have been used to target the healthcare sector, Conti ransomware continues to pose a major threat and has been used in many healthcare sector ransomware attacks, while Ryuk ransomware remains the most commonly used variant, followed by Sodinokibi ransomware.
As most ransomware attacks start with a spear phishing email, it is important for healthcare organisations to implement anti-phishing cybersecurity solutions and for employees to undergo regular training that helps them identify phishing emails and social engineering attacks. Interestingly, while most phishing attacks occur during the week in business hours, ransomware attacks commonly commence over the weekend and during holidays, when monitoring by security staff is likely to be reduced. Healthcare organizations are advised to raise their guard and stay alert over weekends and holidays to detect any cyber-attacks in progress.
There is an urgent need for the healthcare sector to protect itself against cyber-attacks. Unfortunately, the sector often lacks the right resources to do so. Ransomware attacks have been a huge cause for concern for hospitals all over the world, especially when the entire healthcare sector was focused on the treatment of COVID-19. In some of the attacks, the attackers have been able to cripple key systems and prevent hospitals from accessing crucial patient data until the ransom was paid in bitcoins. The situation created by ransomware attacks is being compounded by the COVID-19 pandemic and is becoming an even bigger problem, leading to severe delays and costs for healthcare organizations, patients going untreated, and cancelled appointments. The top cybersecurity threats the healthcare sector is facing today are:
- Patient personal information is valuable and can be sold on the darknet.
- Medical devices mostly run vintage software without any updates or patches and often lack adequate security controls.
- Medical professionals need to access medical data remotely more often but have inadequate cyber security solutions installed to ensure secure access.
- Inadequate cyber risk training among healthcare workers.
- Outdated medical device technology used in many healthcare facilities.
Despite the growing cyber threats to the healthcare sector, cybersecurity spending in the sector varies significantly with the specific requirements of each organization. The majority of healthcare organisations are spending their budgets on procuring network security devices and investing in mobile protection, while a large number are migrating to cloud-based solutions. With safety as their prime concern, small and medium-sized healthcare organisations see cloud adoption as a haven from cyber-attacks. Early adoption of cloud-based technology by the healthcare sector is a viable option, as most of these organizations do not have dedicated cyber security staff who can deal with ransomware attacks.
Healthcare organizations have introduced plenty of Internet of Things (IoT) enabled medical devices into their facilities. Wearable and implantable IoT devices, from insulin level monitors to pacemakers, are widely used in patient healthcare. This has expanded the threat landscape of healthcare multi-fold. At the same time it has given rise to challenges of effective patch management, software upgrades, lifecycle management of these devices and malware protection in healthcare organisations. Alongside this, it is imperative for all healthcare organisations to ensure that all their staff are aware of the risks of cyber-attacks, including:
- Being lured into downloading malicious apps on their mobile devices.
- Inadvertently clicking on phishing emails disguised as official outbreak updates, which distribute malware via attachments or links.
- Clicking on fleeceware, spyware or malware embedded in publicly available interactive COVID-19 maps and websites.
Good cyber-hygiene and staff training should be maintained and incorporated into everyday working patterns for staff. This includes:
- Using strong passwords and changing passwords regularly.
- Avoiding opening unknown emails and links.
- Enabling Data Leakage Protection and End Point Detection and Remediation at work and home.
Cyber-criminals have the capability to remotely shut down devices, servers or whole networks and demand a ransom to return patient data. This may cause disruption to ongoing medical procedures and the loss of patient records, imaging and surgical services, medical devices and appointment systems. As more and more medical devices become ‘connected’, cyber-criminals can hack devices such as cardiac pacemakers, ECG machines and MRI machines. Healthcare organisations should remember that any cyber-security breach can result in the disclosure of personally identifiable medical information and can severely interrupt clinical services, including emergency or life-saving care, potentially resulting in loss of life. Healthcare organisations should be prepared to handle the short- and long-term impacts of any cyber-attack. They must have robust business continuity plans in place and also bear in mind the economic and legal implications that follow from these cyber-attacks.
As of now, the healthcare sector is seemingly losing ground in its battle against cybercrime. Antiquated medical devices and IT networks, and few or no trained cybersecurity professionals, combined with an increase in connected IoT-enabled medical devices, have left this sector vulnerable and exposed to a vast threat landscape. Technological advances in IoT-enabled medical devices, most of them connected to the internet, have outpaced improvements in the backend support systems where valuable patient information is stored.
Given the threats and vulnerabilities facing the healthcare sector, cybersecurity solutions for healthcare organizations should provide safeguards against any attack attempts by cyber criminals. Healthcare organizations must now be able to confront any threat, whether it comes from organized cybercriminals, hackers for hire, or nation states.
Healthcare Sector Cyber Security Best Practices. The best practices that the healthcare sector needs to address immediately to meet these significant challenges are:
- Healthcare organizations should change their mindset and view cybersecurity challenges as a business risk rather than just a technical challenge.
- Cybersecurity should be addressed and discussed at board level on a regular basis.
- Employees should be educated to be cyber aware and should be given training appropriate to their roles and responsibilities at regular intervals.
- It is high time to create new roles, such as Medical Security Officer or Medical Device Security Specialist, to address emerging cybersecurity challenges.
- Security implications should be considered when purchasing IoT-enabled medical devices.
- Cybersecurity incident response protocols should be tested from time to time and rehearsed.
Healthcare organizations that incorporate these steps into their overall cybersecurity frameworks will be best poised to successfully thwart any cyber-attack challenges that await. Healthcare organisations should be aware that they face additional risks in the context of any cyber-attack, and should ensure these are appropriately managed, because they handle patient data and medical devices that directly impact lives. Under-investment and cost cutting when procuring and implementing cyber-security in healthcare organisations mean that they will be vulnerable to ransomware attacks, particularly during the COVID-19 pandemic.
To keep themselves safe against cyber-attacks, healthcare organisations must assess each new medical device they are going to procure in terms of both the medical benefits it provides to their patients and the risk of cyber-attacks, so that they do not expand the threat landscape and become vulnerable.
Col. Inderjeet Singh Brar is an expert in encryption and block chain technology.
©️ The content of this Article is intellectual property of The 4th Estate and can not be used except with prior written consent of the Editor, The 4th Estate.