How Cybercrime Affects The Healthcare Industry

Uploaded on 2017-06-13 in BUSINESS-Services-Health & Welfare, FREE TO VIEW, GOVERNMENT-Law Enforcement, NEWS-Cybersecurity News

The Healthcare industry has featured in the top 5 industries attacked by cyber criminals for a number of years now.  

The recent WannaCry ransomware attack across the globe that affected many health trusts across England and Scotland has brought the health impact of the cyber threat to the forefront of media and political debate in the run up to the 2017 General Election. So why would anyone want to attack healthcare and what are the threats?  

2016 was a very difficult year for healthcare when it came to cyber-attacks and developing cyber threats.  According to the TrapX Security 2016 Healthcare Cyber Breach Research report, “the nature of the threat continues to diversify into a greater variety of complex attacks promoted by sophisticated and persistent human attackers. 

These attacks against hospitals and medical organisations are still driven by the lucrative economic rewards for organised crime. Medical records are among the most complete set of records available and, hence, are in demand for a variety of reasons.

In October 2016, Ben Gummer, now the ex-Minister for the Cabinet Office and Paymaster General warned that the NHS was at risk of cyber-attacks, saying that “hacking is "no longer the stuff of spy thrillers and action movies" but a clear and present threat and large quantities of sensitive data held by the NHS and the Government is being targeted by hackers.”

In January 2017 Barts Health Trust warn its staff that the trust’s four hospitals in East London: The Royal London, St Bartholomew’s, Whipps Cross and Newham were experiencing a “ransomware virus attack.”  This came after similar attacks on Northern Lincolnshire and Goole Foundation trust in the previous October.

A recent report on the Deep Web black market for electronic health records (EHRs) by researchers affiliated with the Institute for Critical Infrastructure Technology pointed out that “healthcare systems are relentlessly and incessantly attacked by different types of attackers.”

One of the reasons that medical networks remain vulnerable is that many legacy systems and devices lack the ability to be updated and patched, yet are connected to networks.  Or the updating of systems, often via patches provided free from operating system vendors, is not seen as a priority by senior managers and something “IT are responsible for”. It therefore doesn’t matter if the newer devices are completely up to date as the organisation’s “Internet of Medical Things (IoMT)” becomes vulnerable to its weakest link.

Medical records, especially but not exclusively in the USA, by dint of their comprehensive nature, sell for hundreds of dollars on the Dark Web and there is no shortage of them.  

According to the IB Times last year, a hacker claimed to have broken into multiple healthcare databases across America and listed a fresh trove of 9.2m records on a Dark Web based marketplace for 750 Bitcoin (£368,000). The vendor, using the pseudonym 'The Dark Overlord', claims the plaintext 2GB database includes names, addresses, emails, phone numbers, date of births and Social Security Numbers (SSNs) belonging to 9,278,352 Americans.

However, for those compromised, many don’t realise that their records can be sold repeatedly by the criminal networks operating in the Dark Web and that this could cause long term problems.

Information that is contained in medical records can be used for many different types of identity fraud and phishing attacks and because of its comprehensive nature, the threat from these can persist for many years.

In the UK, the attack vector seems to be different to the USA and attacks are mainly via ransomware. Trying to extort money from vulnerable hospital trusts rather than individuals.   NHS hospital trusts in England reported 55 cyber-attacks in 2016, according to data obtained by the BBC from NHS Digital, who oversees cyber security.

The WannaCry attack has blown this statistic away and will put a spotlight on cyber security across healthcare in the UK. As the attack unfolded, Eugene Kaspersky from Kaspersky Labs said that it, “looks like a cyberattack of a criminal nature but with a global impact that's very close to terrorism.”  Kaspersky continue to help Europol to try and track the perpetrators.

Until now, NHS Digital reported a steady increase in reporting but were quick to point out that this increase didn’t necessarily mean an increased number of attacks, just better awareness and they didn’t believe any patient records had been compromised.  Oliver Farnan, from the Oxford Cyber Security Centre, said ransomware attacks had become more common and 'The risk is going to increase'; how right he has been.

Advising on the threat to the NHS in the UK falls to CareCERT who have been analysing threat intelligence and broadcasting relevant, focused advisories to health and care organisations since October 2015, with partners in industry and using links across the public sector, including the NCSC, CERT-UK, CESG and CPNI.

With this emerging threat potentially affecting all our health, what better place to gain a clearer understanding of how to counter it, than at the UK Security Expo at the end of November 2017

UKSecurityExpo:

You Migt Also Read:

What Healthcare CISOs Should Know:

Healthcare Starts Spending Big On Cybersecurity:

Stolen Health Records Flooding Dark Web Markets:

British NHS Hospital Trust Under Cyber Attack:

 

« Cambodia’s Cyber War Room
Stephen Fry: Facebook Classed as Publishers »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Anomali

Anomali

Anomali delivers intelligence-driven cybersecurity solutions to enhance threat visibility, automate threat processing and detection, and accelerate threat investigation, response, and remediation.

Cyber Threat Intelligence Network (CTIN)

Cyber Threat Intelligence Network (CTIN)

CTIN provides cyber threat intelligence services including training, platform evaluation, ISAC/ISAO systems development and counter botnet operations.

Avatao

Avatao

Avatao is an online training platform for building secure software, offering a rich library of hands-on IT security exercises for software engineers to teach secure programming.

Romanian Association for Information Security Assurance (RAISA)

Romanian Association for Information Security Assurance (RAISA)

RAISA promotes and supports information security activities and creates a community for the exchange of knowledge between specialists, academic and corporate environment in Romania.

Magtech Solutions

Magtech Solutions

Magtech Solutions is a one-stop IT Solutions provider offering Cloud Computing, IT Security, Unified Email Solutions and ERP systems.

Culinda

Culinda

Culinda secures medical IoT devices in hospitals with An Artificial Intelligence platform and security gateway.

Abnormal Security

Abnormal Security

Abnormal is an API-based email security platform providing protection against the entire spectrum of targeted email attacks.

Griffeshield

Griffeshield

Griffeshield is a company specialised in new information technologies used to protect Intellectual Property.

Unit21

Unit21

Unit21 helps protect businesses against adversaries through a simple API and dashboard for detecting and managing money laundering, fraud, and other sophisticated risks across multiple industries.

Netenrich

Netenrich

The Netenrich operations intelligence platform is built from the ground up to help enterprises resolve everyday and futuristic problems for stable, secure environments and infrastructures.

Quad9 Foundation

Quad9 Foundation

Quad9 is a free security solution that uses DNS to protect your system against the most common cyber threats. It improves your system's performance, plus, it preserves and protects your privacy.

CERT.JE

CERT.JE

CERT.JE is responsible for promoting and improving the cyber resilience across the critical national infrastructure, business communities and citizens in Jersey.

Orro Group

Orro Group

Orro create 'future now' solutions that make it faster, simpler and safer for you to access, store and share information. Wherever, whenever and with whomever you want.

Pathlock

Pathlock

Pathlock (formerly Greenlight) help enterprises and organizations automate the enforcement of any process, access, or IT general control, for any business application.

Blue Mantis

Blue Mantis

Blue Mantis is a security-first, IT solutions and services provider with a 30+ year history of successfully helping clients achieve business modernization.

Creative Network Innovations (CNI)

Creative Network Innovations (CNI)

Creative Network Innovations is a leader in providing advanced IT and cybersecurity solutions.