The Hacking Of Hospitals Highlights Ransomware

The number of ransomware attacks on healthcare organisations is increasing significantly, and more needs to be done to update and continually improve their cyber security.

Ransomware hacks, in which attackers encrypt computer networks and demand payment to make them functional again, have been a growing concern for both the private and public sector since the 90s. But they can be particularly devastating in the healthcare industry, where even minutes of downtime can have deadly consequences, and they have become ominously frequent.

The number of ransomware attacks on healthcare organisations increased 94% from 2021 to 2022, according to a report from the cyber security firm Sophos, and two-thirds (66%) of healthcare organisations were hit by ransomware attacks last year, up from 34% in 2020.

More than two-thirds of healthcare organisations in the US said they had experienced a ransomware attack in 2021, the study said, up from 34% in 2020.

Ransomware attacks on healthcare are particularly common in the US, with 41% of such attacks globally having been carried out against US-based firms in 2021.

The new industrial age of the Internet came way back in the 2000s and has only strengthened its presence in the age of man since then. The COVID-19 pandemic proved a great benefactor to online activity as people began spending more and more time on the internet, on social media and other websites, and those new to the connected online world had to embrace it on some level.

Now that a large number of people across the world have access to the Internet and go online frequently, be it on Twitter, Instagram or Facebook, the menace of cyber-bullying or online bullying is something we all should know and be vigilant about, irrespective of whether we have experienced it or not. Just as bullying in the real world involves someone trying to hector a seemingly calm and timid person face-to-face in places like schools and colleges, cyber-bullying takes place in the online world through social media and gaming platforms, chat groups etc.
It is a repeated, deliberate online behaviour to scare, shame or threaten someone online. A few ways this is done online include using abusive or threatening language in messages, sending images or videos to hurt or threaten someone, posting embarrassing photos or videos of the targeted individual on social media, using fake accounts to impersonate others and sending harmful or vulgar messages to others on their behalf. 

As described in McAfee’s 2022 Cyberbullying in Plain Sight Report, 85% of Indian children reported being cyberbullied as well as having cyberbullied someone else at rates well over twice the international average. 
“According to Indian parents, 42% of children have been the target of racist cyber-bullying, strikingly 14% higher than the rest of the world at 28%. Extreme forms of cyber bullying have been reported besides racism. And they include trolling (36%), personal attacks (29%), sexual harassment (30%), threat of personal harm (28%) and doxing (23%), all of these at almost double the global average.

India also reported prominent acts of cyber bullying such as spreading false rumours at 39%, being excluded from groups and conversations at 35% and name calling at 34%. Indian children witness and experience the maximum cyberbullying on almost every social media and messaging platform. 45% of Indian children said they hide their cyber-bullying experiences from parents, perhaps due to the relative absence of conversation.”, said the report. 

As the healthcare sector continues to offer life-critical services while working to improve treatment and patient care with new technologies, criminals and cyber threat actors look to exploit the vulnerabilities that are coupled with these changes. 

The healthcare sector is under competing pressures to remain open to the public while also ensuring its own cyber security. The latter is easier said than done. The industry suffers from a lack of resources compared to commercial alternatives, which often have highly compensated, well-trained, and vetted individuals taking care of their security. On top of that, a lot of hospitals are short-staffed today, as many have gone through a tremendous amount of turnover due to the pandemic. 

Hospitals and health care systems have become a major target for hackers. The announcement that LifeLabs, Canada’s largest medical testing company, paid a ransom to retrieve the data of 15 million patients is just the latest in a string of cyber attacks aimed at stealing data or extracting money from health care organisations.

IBM Security's annual Cost of Data Breach Report looked at data breaches from March 2021 to March 2022. According to the report, a healthcare data breach now comes with a record-high price tag, to the tune of $10.1 million on average. That’s up 9.4% from the same timeframe a year earlier. Healthcare has had the highest breach-related financial damages for 12 consecutive years, according to IBM's report. The average breach in healthcare increased by nearly $1 million and the cost has jumped 41.6% since the 2020 report.

Healthcare data breaches have been rampant over the past several years. Just over the last decade, there have been over 2.5k data breaches with millions of records being affected. 

While the healthcare industry has always been a target of threat actors and particularly ransomware groups because of a lack of cybersecurity funding, 2022 has already shown a sharp increase in the rate of breaches.
The healthcare industry is plagued by a myriad of cyber security-related issues. These issues range from malware that compromises the integrity of systems and privacy of patients, to distributed denial of service (DDoS) attacks that disrupt facilities’ ability to provide patient care and ransomware attacks because of the vast amounts of patient data that can be hacked by criminals.

The number of ransomware attacks on US healthcare organizations increased 94% from 2021 to 2022, according to one report and the US government has warned that hospitals across the US have been targeted by an aggressive ransomware campaign originating from North Korea since 2021. 

The number of ransomware attacks on healthcare organizations increased 94% from 2021 to 2022, according to a report from the cybersecurity firm Sophos. More than two-thirds of healthcare organizations in the US said they had experienced a ransomware attack in 2021, the study said, up from 34% in 2020. Ransomware attacks on healthcare are particularly common in the US, with 41% of such attacks globally having been carried out against US-based firms in 2021. “The current outlook is terrible,” said Israel Barak, CISO of Cybereason. “We are seeing the industry experience an extremely sharp increase in both the quantity and level of sophistication of these attacks.”

In 2021, a lawsuit filed by the mother of a baby who died in Alabama alleged the first “death by ransomware”, blaming a 2019 hack of a hospital for fatal brain damage of the newborn after heart rate monitors failed.
The possibly devastating consequences for medical facilities may be one of the reasons hackers have identified them as a high-profile target.  “The North Korean state-sponsored cyber actors likely assume healthcare organisations are willing to pay ransoms because these organizations provide services that are critical to human life and health,” said the advisory from the Cybersecurity and Infrastructure Security Agency (CISA).

CISA advises hospitals against paying ransoms, but providers often feel they have no choice, said Barak. In 2021, 61% of healthcare organisations that suffered a ransomware attack paid the ransom, the highest percentage of any industry sector. “When lives are at stake, it makes the decision very easy,” Barak said. “These attackers have identified medical organisations as very, very good targets because they are more likely to pay.”

Attacks are typically carried out by private groups of criminals, experts say: in the third quarter of 2021, 30% of ransomware attacks on healthcare entities were carried out by Conti, a crime syndicate thought to be based in Russia, according to an industry report from cybersecurity firm BreachQuest. But this North Korea incident is an example of a state actor orchestrating ransomware attacks on health care organisations.

The healthcare industry has been hit by a perfect storm of factors that have escalated the ransomware problem, experts say: patient information is increasingly being digitised as hospitals struggle with small internet security budgets.

In 2009, the Obama administration passed a bill requiring all public and private healthcare providers to adopt electronic medical records by 2014, resulting in a massive migration of paper patient records to online systems. 
But today, just 4-7% of the average healthcare provider’s annual IT budget is focused on cybersecurity, the BreachQuest study said. “Healthcare providers have gone through massive digital transformation in a very short amount of time,” said Hank Schless, senior security expert at the cybersecurity firm Lookout. The move was accelerated by the pandemic, he added, as more providers shifted to telehealth to connect with patients during lockdown and hospital staff were stretched thin by the influx of sick and dying patients.

CISA has advised a “3-2-1 backup approach” for healthcare entities, including saving three copies of each type of data in two different formats, including one offline. 
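As an added illustration (not code from CISA or from this article's sources), the 3-2-1 approach described above can be checked mechanically against a backup inventory. The inventory, the field names and the 14-day freshness threshold for the offline copy are assumptions made for the example, and the freshness check goes beyond the rule as quoted.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class BackupCopy:
    dataset: str    # type of data being protected
    fmt: str        # storage format holding this copy
    offline: bool   # True when unreachable from the production network
    taken: date     # when this copy was last written


# Constructed inventory; dataset names, formats and dates are illustrative.
INVENTORY = [
    BackupCopy("patient-records", "disk", False, date(2022, 7, 20)),
    BackupCopy("patient-records", "disk", False, date(2022, 7, 20)),
    BackupCopy("patient-records", "tape", True, date(2022, 7, 17)),
    BackupCopy("lab-results", "disk", False, date(2022, 7, 20)),
    BackupCopy("lab-results", "disk", False, date(2022, 7, 19)),
    BackupCopy("lab-results", "disk", False, date(2022, 7, 18)),
    BackupCopy("imaging", "disk", False, date(2022, 7, 20)),
    BackupCopy("imaging", "object-store", False, date(2022, 7, 20)),
    BackupCopy("imaging", "tape", True, date(2022, 4, 1)),
]


def audit_321(inventory, today, max_offline_age_days=14):
    """Return {dataset: [problems]}; an empty list means the dataset passes."""
    by_dataset = defaultdict(list)
    for copy in inventory:
        by_dataset[copy.dataset].append(copy)

    findings = {}
    for dataset, copies in sorted(by_dataset.items()):
        problems = []
        # Three copies of each type of data.
        if len(copies) < 3:
            problems.append(f"only {len(copies)} copies, need 3")
        # Two different formats.
        formats = {c.fmt for c in copies}
        if len(formats) < 2:
            problems.append(f"only {len(formats)} format(s), need 2")
        # One copy offline, where network-borne encryption cannot reach it.
        offline = [c for c in copies if c.offline]
        if not offline:
            problems.append("no offline copy")
        else:
            # Assumption beyond the quoted rule: a stale offline copy
            # restores old data, so flag it as well.
            age = (today - max(c.taken for c in offline)).days
            if age > max_offline_age_days:
                problems.append(f"newest offline copy is {age} days old")
        findings[dataset] = problems
    return findings


if __name__ == "__main__":
    for name, problems in audit_321(INVENTORY, date(2022, 7, 21)).items():
        print(name, "OK" if not problems else "; ".join(problems))
```

In the constructed inventory, three disk copies of the lab results satisfy the copy count but fail the other two requirements, which is the case the rule exists to catch.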

But the agency’s advisory to hospitals is “somewhat unhelpful”, said Vincent Berk, chief security officer at the cyber security firm Quantum Xchange, offering generic recommendations about securing data with little clear path to doing so. “The issue with this attack, and any other ransomware attack, is that the cure doesn’t really exist,” he said. “In other words, if it happens, it is already too late.”

Legislators in the US are attempting to fill in those gaps. In May, Senator Patty Murray of Washington led a hearing on strengthening cybersecurity in the healthcare and education sectors, saying that the US “needs to address cyber security attacks and ensure they are treated like the national security threat they are”. “These kinds of challenges don’t just cause major headaches, lawsuits, and expenses for hospitals,” she said. “They put patients in danger. They undermine our national security. And in some cases they even cost lives.”

In March 2022 the US Senate introduced a bipartisan bill called the Healthcare Cybersecurity Act, which would direct CISA and the Department of Health and Human Services (HHS) to collaborate on a plan to bolster cyber security measures among healthcare and public health organisations. Those measures would include cyber security training to employees of health organisations and authorise studies from CISA to identify risks in the industry.

Experts say such legislation is more urgent than ever. “There’s zero deterrence right now,” Barak said. “Until we find a more effective way to tackle this issue, I am afraid the outlook is not looking good.”

The Dark Web has opened the opportunity for anybody with basic operator skills, the capacity and the wherewithal to engage in healthcare hacking. 

You don’t even need to be a talented high-level hacker anymore. You can just subscribe to services that enable you to hack and gain insight into these types of organisations. At the higher level, there are organisations throughout the world that engage in healthcare hacking on a much larger scale. The biggest threat is probably nation-states such as North Korea and China that have taken aggressive steps to create entities within their own organisation for counter-intelligence efforts. Russia has even allowed third-party entities to take shelter underneath the protection of their organisation. As long as they don’t attack Russian assets, they are more than welcome to be sheltered within Russia and go after other targets.

To protect your organisation, you need to take a risk assessment to determine what assets you need to protect, how well you need to protect them, and where your investment should be. 

Those are the key elements just to get you started. You could do something economically, and then you’re already setting yourself up for some success.
In the US there are two agencies, the Cybersecurity and Infrastructure Security Agency and the Health Sector Cybersecurity Coordination Center under the Department of Health and Human Services, that provide information about attacks and how to build infrastructure to fend them off. CISA and the FBI also have incident response teams.

These cyber threats pose the highest risks to patient and healthcare data:

Phishing: Phishing is the most prevalent cybersecurity threat in healthcare. Phishing is the practice of infecting a seemingly innocuous email with malicious links. The most common type of phishing is email phishing. Phishing emails can look very convincing, and they usually reference a well-known medical disturbance to incentivise link clicking.

Ransomware Attacks: During a ransomware attack, malware is injected into a network to infect and encrypt sensitive data until a ransom amount is paid. This malicious software is usually injected into a system through a phishing attack. Ransomware attacks are significantly increasing according to an analysis last year. Over 1 in 3 healthcare operations globally fell victim to a ransomware attack in 2020.

The reason for its prevalence is that hackers understand how critical it is for the healthcare sector to minimize operation disturbances. During a ransomware attack, healthcare victims panic, fearing the regulatory consequences that follow the theft of patient data. The prevalence of ransomware attacks is further fueled by the adoption of new technology to automate attacks. Inspired by the implementation efficiencies of the Business as a Service (BaaS) model, hackers have created their own variation called Ransomware-as-a-Service (RaaS).

Data Breaches: The healthcare industry suffers a massive amount of data breaches compared to other industries. In 2020, the average number of data breaches that occurred every day in the healthcare sector was 1.76. Protecting health records from unauthorised access is something many health operations struggle with, and they do not go through a proper implementation of their security controls. Such cyber security gaps leave entry points for cyber attackers that continue to threaten the safety of patient care data, despite efforts to mitigate these events with frameworks like HIPAA.

DDoS Attacks: A Distributed-Denial-of-Service attack is a flood of fake connection requests directed at a targeted server, forcing it offline. DDoS attacks don't have the same data risks as a ransomware attack, but they do have the same operational disturbance effects. For attackers, the considerable benefit of DDoS attacks is that they can achieve the same disturbance without having to compromise a network, making them easier to deploy at a much wider scale.

The speed and devastation that's possible with these attacks has led to their adoption of the ransom model. Now, DDoS attackers could force a healthcare organization offline and only discontinue their attack if a set ransom is paid.

Healthcare Organisations Can Improve Their Security 

You cannot address security risks if you do not see them. An attack surface monitoring solution will instantly display all vulnerabilities associated with cloud solutions within a private network. 

  • 60% of data breaches occur via a compromised third-party vendor. In other words, if incident security is mainly focused on internal cyber threats, your security teams have only addressed less than half of the risks that facilitate breaches.
  • Improving the security postures of all third-party vendors involves an orchestrated effort and planning process which should be frequently updated. 

To prevent staff from falling victim to phishing attacks, they should be educated about how to identify common cyber threats.  

For more information, please contact Cyber Security Intelligence.

References:

Techjury; Guardian; CiseSecurity; TechTarget; Sophos; Fiercehealthcare; IBM; ThinkSecureNet; Politico; NCBI; HealthITSecurity; Upguard; Times of India; Thomson Reuters