What Can The Healthcare Sector Learn From 2021’s Threat Landscape?

According to a recent study, approximately 30% of the world’s data is currently being generated by the healthcare sector. By 2025, it’s expected that the compound annual growth rate of collected data for healthcare will reach an all-time high of 36%. That means the sector is generating data faster than manufacturing, entertainment, and even financial services. 

As the link between technology and healthcare continues to grow, supercharged by the fallout from the pandemic and the move to digitize everything from appointments and prescriptions to scans and blood tests, it’s little wonder the sector has become a prime target for cybercriminals.

Healthcare institutions have been heavily and repeatedly attacked by organized cybercriminals since the beginning of the pandemic, with hospitals, research facilities and pharmaceutical companies all being targeted due to the high-value, time-sensitive nature of their work. Over the past year we’ve seen a variety of attacks on this sector, including ransomware, botnets, remote code execution and even DDoS attacks. These threats have been known for some time, with the FBI issuing a notice in 2020 warning organizations in healthcare about increasingly serious DDoS attempts.

In our 2022 Security Report, we revealed that healthcare experienced an average of 830 cyberattacks every week throughout 2021, a staggering 71% increase on the previous year. This makes it one of the most heavily targeted industries in the world, ahead of utilities, banking and manufacturing. As the sector continues to experiment with IoT solutions - from wearable biometric scanners and automated prescriptions, to MRI machines that act as a welcome mat for hackers - its attack surface area is expanding faster than its security can keep up with.  

A Pandemic Of Cybercrime

As COVID-19 cases spiked around the world, so did attacks on our hardworking healthcare industry. In October 2021, the healthcare system that serves Newfoundland and Labrador in Canada was hit by a devastating ransomware attack that one local expert said was the “worst cyberattack in Canadian history.” Employee and patient data was stolen and thousands of vital appointments, including chemotherapy sessions, were canceled or delayed. In the same month, a crushing ransomware attack was directed at a hospital in the Middle East for the first time, as the Chinese group “DeepBlueMagic” targeted the Hillel Yaffe Medical Center in Israel. The medical center's computers were incapacitated, making the admission and discharge of patients virtually impossible. At the end of the year, the Behavioral Health Group (BHG), which runs more than 80 opioid clinics in the US, fell victim to a cyberattack that disrupted its entire network for more than a week. Prescriptions couldn’t be retrieved, so patients had to go without potentially life-saving medication. While BHG didn't reveal the cause of the incident, most experts agree it was likely a ransomware attack. 

More recently, in January 2022, a serious data breach at The Red Cross led to the exposure of half a million vulnerable people’s data. The organization, headquartered in Switzerland, had to shut down computer systems running its Restoring Family Links program, which seeks to reunite families during disasters or periods of conflict. 

What’s In It For Hackers And Why Now?

The main motivation for threat actors targeting the healthcare sector, from hospitals and clinics to research facilities and charity organizations, appears to be financial. The sheer pressure that hospitals have been under over the past two years to help us deal with - and recover from - the pandemic has been enormous. The more important the sector’s work, the more tempting the target becomes for threat actors. In June 2020, just months into the pandemic, the University of California’s School of Medicine was targeted and sensitive data was held to ransom, forcing the university to pay more than $1 million USD to carry on its important research.

The health sector has always been vulnerable to extortion, but the pandemic increased this vulnerability tenfold. In 2020, Check Point Research revealed that the notorious Ryuk ransomware, which had been around since 2018, had changed its focus to specifically target hospitals in order to take advantage of the crisis. 

What Can The Health Sector Learn And How Should It Adapt?

In the vast majority of ransomware cases, the threat isn’t the ransomware itself, but its point of entry onto an organization’s network. Most are deployed through trojan infections, often occurring weeks or even months before an attack even takes place, so it's important that hospitals, clinics and research facilities have anti-ransomware solutions in place. 

The health sector also faces a unique challenge in that it has one of the fastest-growing attack surfaces of any industry. From infusion pumps and patient monitors in hospitals, to take-home biometric devices and even connected wheelchairs, the potential points of entry for threat actors are multiplying year on year. Hospitals and other healthcare environments should therefore be thinking about how to minimize this potential attack surface and reduce risk. The first step toward achieving this is gaining full visibility over every connected device or endpoint, then assigning a risk weighting to each device or category of devices before setting granular security policies that reflect the level of risk. 
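
One way to carry out the inventory, risk-weighting and policy steps described above, as an added example that is not from the article or from Check Point. The category weights, penalty values, thresholds, policy tier names and device records are all constructed assumptions.

```python
from dataclasses import dataclass

# Assumed base weights per device category (1 = low, 5 = high); not from the article.
CATEGORY_WEIGHT = {
    "infusion_pump": 5,         # direct patient-safety impact
    "patient_monitor": 4,
    "home_biometric": 3,        # take-home device, leaves the hospital network
    "connected_wheelchair": 3,
}

@dataclass
class Device:
    mac: str
    category: str
    patchable: bool        # vendor still ships security updates
    internet_facing: bool  # reachable from outside the clinical network

def risk_score(dev: Device) -> int:
    """Category weight plus penalties; an unrecognised category gets the top weight."""
    score = CATEGORY_WEIGHT.get(dev.category, 5)
    score += 0 if dev.patchable else 2
    score += 3 if dev.internet_facing else 0
    return score

def policy_for(score: int) -> str:
    """Map a score to a hypothetical segmentation tier."""
    if score >= 7:
        return "isolate"    # dedicated segment, allow-list to its management server
    if score >= 4:
        return "restrict"   # clinical segment, no internet egress
    return "monitor"        # standard segment with traffic logging

def build_plan(inventory, seen_macs):
    """Return ({mac: policy}, MACs seen on the network but absent from the inventory)."""
    plan = {d.mac: policy_for(risk_score(d)) for d in inventory}
    unmanaged = sorted(set(seen_macs) - set(plan))
    plan.update({mac: "quarantine" for mac in unmanaged})  # visibility gap: block first
    return plan, unmanaged

# Constructed sample data (MACs are from the documentation range).
INVENTORY = [
    Device("00:00:5e:00:53:01", "infusion_pump", patchable=False, internet_facing=False),
    Device("00:00:5e:00:53:02", "patient_monitor", patchable=True, internet_facing=False),
    Device("00:00:5e:00:53:03", "home_biometric", patchable=True, internet_facing=True),
    Device("00:00:5e:00:53:04", "connected_wheelchair", patchable=True, internet_facing=False),
]
SEEN_ON_NETWORK = [d.mac for d in INVENTORY] + ["00:00:5e:00:53:99"]

if __name__ == "__main__":
    print(build_plan(INVENTORY, SEEN_ON_NETWORK))
```

The device that appears on the network but not in the inventory is the visibility gap the paragraph warns about, so it is quarantined before any risk weighting is attempted.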

At a time when the health sector is at its most vulnerable, it should also be at its most secure. By investing in proactive threat monitoring and detection solutions, clinics, hospitals and research facilities will be able to guard against the rising tide of targeted attacks, giving themselves a clean bill of health for 2022 and beyond. 

Ian Porteous is Regional Director, Security Engineering, UK&I at Check Point Software  
