Healthcare Is The Prize Target For Cyber Criminals

At least three global issues will be remembered as characterising 2020: the Coronavirus, climate change and the increased use of the Internet by criminals to disrupt society. Two of these issues have now merged, as cyber attacks are being used to disrupt health care organisations as they fight the virus pandemic.

As the healthcare sector continues to offer life-critical services while working to improve treatment and patient care with new technologies, criminals and cyber threat actors look to exploit the vulnerabilities that come with these changes. More than a quarter of the incidents which the UK's National Cyber Security Centre (NCSC) responded to in 2020 were related to the Coronavirus.

From a criminal viewpoint, the reason is that confidential patient information is worth a lot of money to hackers when put up for sale on the Dark Net.

Hospitals store an incredible amount of patient data: confidential data that’s worth a lot of money to hackers, who can sell it on easily, making the industry a growing target. These organisations have a duty to protect their patients’ personal records. With GDPR coming into play this year, it’s becoming increasingly important for hospitals to keep their information secure.
Information exposed in the incident included names, dates of birth, health insurance information, medical treatment information, medical diagnostic information, lab results and medical record numbers. 

In the US, the Medicare or Medicaid healthcare programs hold medical billing information, bank account information, credit or debit card information, CHAMPUS ID numbers, Military and/or Veterans Administration numbers, driver’s license numbers, signatures, and Social Security numbers. 

According to the NCSC, some of the incidents it dealt with were related to countering nation-state attacks, but most were criminal in nature. It also disclosed that it had thwarted 15,354 campaigns that had used coronavirus themes as a "lure" to fool people into clicking on a link or opening an attachment containing malicious software.

Coronavirus has thrown the healthcare sector to the forefront of cyber security in 2020, but the next year is likely to see the dangers continue and evolve.

Threats from nation states and criminals to the health system are a growing concern. The huge logistical challenge of rolling out vaccines faces the risk of disruption to complex supply chains, and criminal ransomware poses a threat at a time when the pandemic has increased our reliance on technology. The distribution of the various coronavirus vaccines may bring relief, but it also brings with it a major challenge for those involved who have not previously had to think about cyber security.

The complex global supply chain for vaccines ranges from factories in one country to Internet-connected fridges in another. It will create new pressure on doctors' surgeries, IT systems, and sometimes small providers who play a critical role.

IBM has already said that the international vaccine supply chain has been targeted by cyber espionage. It says it believes the campaign started in September 2020 when phishing emails targeted organisations linked to the Cold Chain Equipment Optimisation Platform (CCEOP) of Gavi, the international vaccine alliance.

Major pharmaceutical companies are no strangers to cyber-espionage. In July, the UK accused Russian intelligence of targeting research, including for the Oxford vaccine, while the US accused Chinese hackers of similar activity. But despite concerns about states, experts say criminal ransomware (the locking of people out of their computers and data until they pay a ransom) remains a serious and persistent threat.

A recent report from security firm Positive Technologies says half of all the cyber attacks on healthcare were ransomware in the July-to-September quarter of 2020. US hospitals have been hit worse than those in the UK. It is thought this is because criminals see them as richer than their NHS counterparts. In just 24 hours in October, five American hospitals received ransom demands of at least $1m (£810,000), leading to some cancer treatments being cancelled.

The UK has made strides to fix weaknesses in the NHS systems exposed by 2017's WannaCry ransomware attack. Even so, there are concerns it could be hit again. Any cyber security measures placed on healthcare organisations need to consider the impact they may have on current working practices.

IT staff should try to align security measures with existing software. There are plenty of authentication solutions available that work seamlessly with software like Office 365, meaning medical staff can perform their daily tasks without distraction.

Back Up Data Regularly

It doesn’t matter what industry you work in, backing up data should be a habit. You want to save any sensitive data and documents in at least one other location. It can be physical or virtual, like a hard drive or cloud system, but the key is to store information in separate, secure places.

Being the victim of a healthcare cyber attack can be devastating, but with a backup, you’ll be able to recover lost data and patient records much quicker. Otherwise, the hacking attempt might have a crippling effect on your organisation.

Sources: Microsoft, Infosecurity Magazine, Swivel Secure, BBC, NCSC, Health Tech Zone, Center for Internet Security
