Healthcare Is The Prize Target For Cyber Criminals

Uploaded on 2021-01-08 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Health & Welfare

At least three global issues will be remembered as characterising 2020. The Coronavirus, climate change and the increased use of the Internet by criminals to disrupt society. Two of these issues have now merged as cyber attacks are being used to disrupt health care organisation as they fight the virus pandemic

As the healthcare sector continues to offer life-critical services while working to improve treatment and patient care with new technologies, criminals and cyber threat actors look to exploit the vulnerabilities that are coupled with these changes. More than a quarter of the incidents which the UK's National Cyber Security Centre (NCSC) responded to were in 2020 related to the Coronavirus. 

From a criminal view point the reason is that confidential patient information is worth a lot of money to hackers when put up for sale on the Dark Net. 

Hospitals store an incredible amount of patient data. Confidential data that’s worth a lot of money to hackers who can sell it on easily – making the industry a growing target. These organisations have a duty to protect their patients’ personal records. With GDPR coming into play this year, it’s becoming increasingly important for hospitals to keep their information secure.
Information exposed in the incident included names, dates of birth, health insurance information, medical treatment information, medical diagnostic information, lab results and medical record numbers. 

In the US, the Medicare or Medicaid healthcare programs hold medical billing information, bank account information, credit or debit card information, CHAMPUS ID numbers, Military and/or Veterans Administration numbers, driver’s license numbers, signatures, and Social Security numbers. 

According the NCSC, some of the incidents they deals with were related to countering nation-state attacks, but most were criminal in nature. It also disclosed that it had thwarted 15,354 campaigns that had used coronavirus themes as a "lure" to fool people into clicking on a link or opening an attachment containing malicious software.

Coronavirus has thrown the healthcare  sector to the forefront of cyber security in 2020, but the next year is likely to see the dangers continue and evolve. 

Threats from nation states and criminals to the health system are a growing concern. The huge logistical challenge of rolling out vaccines faces the risk of disruption to complex supply chains and criminal ransomware poses a threat at a time when the pandemic has increased our reliance on technology. The distribution of the various coronavirus vaccines may bring relief, but it also brings with it a major challenge for those involved who  have not previously had to think about cyber security.

The complex global supply chain for vaccines ranges from factories in one country to Internet-connected fridges in another. 
It will create new pressure on doctors' surgeries, IT systems, and sometimes small providers who play a critical role. 

IBM has already said it has said that the international vaccine supply chain has been targeted by cyber espionage .
says it believes the campaign started in September 2020 when phishing emails targeted organisations linked to the Cold Chain Equipment Optimisation Platform (CCEOP) of Gavi, the international vaccine alliance.

Major pharmaceutical companies are no stranger to cyber-espionage. In July, the UK accused Russian intelligence of targeting research, including for the Oxford vaccine, while the US accused Chinese hackers of similar activity. But despite concerns about states, experts say, criminal ransomware, the locking of people out of their computers and data until they pay a ransom remains a serious and persistent threat. 

A recent report from security firm Positive Technologies says half of all the cyber attacks on healthcare were ransomware in the July-to-September quarter of 2020. US hospitals have been worse hit than the UK. It is thought this is because criminals see them as richer than their NHS counterparts. In just 24 hours in October, five American hospitals received ransom demands of at least $1m (£810,000), leading to some cancer treatments being cancelled.

The UK has made stride to fix weaknesses in the NHS systems exposed by 2017's Wannacry ransomware attack. Even so, there are concerns it could be hit again. Any cyber security measures placed on healthcare organisations need to consider the impact they may have on current working practices.

IT staff should try to align security measures with existing software. There are plenty of authentication solutions available that work seamlessly with software like Office 365, meaning medical staff can perform their daily tasks without distraction.

Back Data Regularly

It doesn’t matter what industry you work in, backing up data should be a habit. You want to save any sensitive data and documents in at least one other location. It can be physical or virtual, like a hard drive or cloud system, but the key is to store information in separate, secure places.

Being the victim of a healthcare cyber attack can be devastating, but with a backup, you’ll be able to recover lost data and patient records much quicker. Otherwise, the hacking attempt might have a crippling effect on your organisation.

 Microsoft:      Infosecurity Magazine:   Swivel Secure:    BBC:     BBC:    NCSC:   

Health Tech Zone:      Center for Internet Security

You Might Also Read:

A Hospital Hack Caused A Patient To Die:

 

« Swatters Hack Smart Devices
Fallout From The SolarWinds Breach Widens »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Securezoo

Securezoo

Securezoo's mission is to simplify and enhance information security by providing trusted security guidance, products, and information to small and mid-sized businesses and security professionals.

Ripjar

Ripjar

Ripjar is a global company of talented technologists, data scientists and analysts designing products that will change the way criminal activities are detected and prevented.

Momentum

Momentum

The Cyber Security team at Momentum offers a professional and specialist recruitment service across Cyber & IT Security.

CryptoCodex

CryptoCodex

Cryptocodex has developed Counter-Fight, the most advanced, yet simple to implement, counterfeit detection system.

SentryBay

SentryBay

SentryBay is the global leader in preventative endpoint isolation protection. We protect remote, BYOD and corporate endpoints so they can safely and securely connect with your corporate network.

SafeLogic

SafeLogic

SafeLogic provides strong encryption products for solutions in mobile, server, Cloud, appliance, wearable, and IoT environments that are pursuing compliance to strict regulatory requirements.

Adzuna

Adzuna

Adzuna is a search engine for job ads used by over 10 million visitors per month that aims to list every job everywhere, including thousands of vacancies in Cybersecurity.

Porto Research, Technology & Innovation Center (PORTIC)

Porto Research, Technology & Innovation Center (PORTIC)

PORTIC brings together several research centers and groups from P.PORTO in a single space, forming a superstructure dedicated to research, technology transfer, innovation and entrepreneurship.

Melius Cyber Security

Melius Cyber Security

Melius Cyber Security has developed a world-leading SaaS platform, Cyber Safe Plus, built around continuous assessment and improvement through vulnerability scanning and penetration testing

Advent One

Advent One

Advent One are recognised for solving intricate dilemmas, not only making technology work but building foundations that customers can grow upon in an effective and secure way.

Prime Technology Services

Prime Technology Services

Prime Tech are a group of Red Hat, Microsoft & Cisco Certified IT Professionals with an impressive track record of consistently delivering value to our corporate clients.

The Purple Guys

The Purple Guys

The Purple Guys offer Trouble-Free IT Support to businesses across the Central and Southern US. Safe and Secure, Rapid Response, Friendly Support that’s our Purple Promise.

Closed Door Security

Closed Door Security

Closed Door Security is the only cybersecurity team in the north of Scotland offering everything from IASME Certification to CREST-Accredited penetration testing.

Token Security

Token Security

Token is the new approach designed for the identity boom era. Introducing Machine-First Identity Security.

EmberOT

EmberOT

EmberOT is at the forefront of operational technology (OT) security, offering cutting-edge solutions designed to protect critical infrastructure within energy, utilities, and manufacturing sectors.

Cassini

Cassini

Cassini Cyber Threat Intelligence (CTI) helps protect your organisation from cyber attacks using threat intelligence from trusted New Zealand agencies.