The healthcare sector is one of the most targeted by cybercriminals. Even more, the 2020 health crisis brought forth an increase in cyberattacks, most of them aimed at hospitals and research facilities. Why do ill-intended actors go for healthcare organizations and is there a way to stop them?
With the world on lockdown and a healthcare sector weakened by the magnitude of the COVID-19 pandemic, cybercriminals seem to have a blast. From malware infections, data breaches, and up to distributed denial of services attacks (also known as DDoS), the healthcare sector has seen it all.
But why does this happen? What could attackers gain from targeting hospitals, research centers, and even the World Health Organization?
The answer is manyfold, as there are plenty of benefits and actors behind what looks like hackers being plain evil.
The New Way of Showing Hostility
Cyberattacks on the healthcare sectors all over the world are not a new thing. However, according to recent data, the pandemic brought forth a 150% increase in attacks on hospitals and other organizations that are known to work on solutions to fight the virus.
The reason for such specifically targeted attacks is political and military. In most cases, attackers are sponsored by criminal organizations and/or hostile countries who found the perfect way to disrupt an entire country’s activity without using any weapons.
By targeting facilities that work with COVID-19 patients or develop technologies to fight the virus, ill-intended actors hope to stop the progress and disrupt all adjacent national systems. It’s also a way to show they have the upper hand in the battle for a vaccine or effective treatment. Of course, this type of behavior is damaging to the entire world and endangers thousands of lives, but attackers don’t seem to care.
Personal & Confidential Data
One of the main reasons hackers attack the healthcare sector is access to patients’ private data.
Data mining operations are profitable because the information helps bad actors put together detailed individual profiles for all sorts of shady activities (identity theft, credit card scams, and more). However, it can take a lot of time to create a believable profile, depending on the type of data that can be extracted through leaks.
But health records are some of the most well-detailed and complete individual profiles possible. A patient’s records will contain valuable information on his/her health habits, address, social security number, and more. In addition, the data is all in one place, which is why healthcare organizations are so often the target.
The latest technological developments in the health sector are quite impressive, but they also represent new gateways for attackers.
For instance, modern hospitals use many interconnected Internet of Things (IoT) devices to provide patients with the best possible care. While this is a fantastic way to follow someone’s progress and get the right information in real-time, each connection also represents an entry point that can be exploited. This means that hackers can put down an entire hospital’s administrative and communication system or worse, interfere with life-supporting devices such as ventilators or robotic surgical equipment.
The reason why it can be quite easy to access medical devices is that they were not created with security in mind. As such, if the network lacks security or is poorly done, medical devices can be accessed remotely to create a gateway into the system.
In addition, medical staff is usually not that savvy when it comes to network & device security. Also, they are hyper-focused on providing patients with the best possible care, which leaves little room for security concerns.
Too Many Variables
Let’s take the example of a large hospital. Besides the fact that it has at least a few hundred employees (from management to janitorial positions), the organization also collaborates with suppliers and partners from all over the world, shares information and data with similar organizations, and processes several hundred patients on a daily basis.
Each section in our pretend hospital is equipped with high-end medical devices, computers, mobile devices, communication devices, and they probably have a server room that’s the core of the system.
If we add to all these the number of visitors and other people who come and go at any time of the day, we have a mess of variables that are very difficult to control, if not impossible.
As such, it’s enough for someone to quietly observe this flow to identify the weakest point of entry. In an experiment run by a cybersecurity specialist, it took only a bit of gut and a few well-placed questions for a complete stranger to gain physical access to a large hospital’s server room.
Is There Hope?
Luckily, cybersecurity specialists are able to keep up with current threats, and there are plenty of solutions that can be used by medical personnel and administrations. However, the main issue is with the implementation and usage of these methods.
For instance, each hospital and individual healthcare organization needs a dedicated IT security team to keep the system safe and running. Security employees or collaborators are the first line of defense and their job is to make sure there are no easy to exploit entry points.
It’s also important to invest in various training sessions for healthcare employees. For instance, education in proper recordkeeping is just as important as education in how to keep safe from attacks such as phishing or ransomware (hackers tend to target employees’ personal devices to gain access to the hospital’s network).
Lastly, each institution must have a well-designed security protocol, which everyone must follow. However, it’s just as important to make it easy for people to stay safe and not forgo protocol when things get difficult.