
Cybersecurity in Healthcare: Prominent Cyberthreats


By: Nihad Hassan

June 23, 2021


These days, organizations across all industries utilize digital solutions to facilitate work operations and communicate with customers and other business partners. Healthcare organizations are no exception to this fact.

Technology has changed how healthcare organizations offer their services to the public. However, when talking about cyberattacks against hospitals and medical centers, we are concerned about the security of IT systems. Digital patient equipment is now a major target for cybercriminals, and attacking it can affect patient safety.

Over the last few years, cyberthreats to healthcare organizations have increased significantly, boosted by the accelerated adoption of digital technology. The broad benefits of adopting automation in health organizations have been challenged by increasingly sophisticated cyberattacks against medical organizations. According to the Verizon DBIR (Data Breach Investigations Report), there was a substantial increase in breaches and incidents targeting the healthcare sector. The rise was about 71 percent compared with 2019.

Cyberattacks against healthcare organizations and providers can have consequences for patients' lives that are as serious as the financial ones. A data breach at a healthcare provider also brings heavy fines, imposed by regulators under regulations such as GDPR and HIPAA as a penalty for non-compliance.

Why are healthcare organizations considered preferred targets for cybercriminals?

Cybercriminals, including nation-state threat actors, target patients' health records because of their importance and sensitivity. Healthcare providers keep a plethora of sensitive information about their patients, which includes:

  • Patients' health information.
  • Personally Identifiable Information (PII) about patients, such as full name, ID number, social security number, phone, email, and mailing address.
  • Patients' financial information, such as credit card and bank information.

Stolen patient health records are sold on the darknet, such as the Tor network, for a high price compared with other stolen information such as credit cards and other PII.

This is because patients' health records can be used in different scenarios such as insurance and fraud. Ransomware operators, for their part, prefer to target healthcare providers: the sensitivity of their work, and the possibility that patients' lives will be put at risk once their health records are encrypted, make these providers more willing to pay the ransom quickly.

Medical organizations do not only offer life-critical services to their patients. For instance, medicine manufacturers and other health laboratories keep top-secret information about medical research and innovation, including vaccine development.

Cyberthreats targeting healthcare organizations

Healthcare providers suffer from the same set of cyberthreats faced by organizations working in other industries:

Social engineering

Social engineering (SE) is an attack that tries to convince unsuspecting users to reveal important information, such as login credentials, proprietary information, or other PII. SE attacks use psychological tricks to manipulate the target into bypassing the security controls imposed by the enforced IT security policies.

The most important type of attack targeting healthcare providers is phishing. A phishing email is a malicious email that appears to originate from a trusted, legitimate entity, such as a business partner or a government agency. It uses different tactics to convince the user to visit a compromised website hosting an exploit kit, or asks them to open a malicious attachment containing data-stealing malware or ransomware.

Legacy systems

The main security concern for healthcare organizations, and one commonly exploited by cybercriminals, is the prevalent use of legacy systems. Many of these organizations use old IT systems that their manufacturers no longer support. Examples of legacy systems include old operating systems (e.g., Windows XP and Windows 7) and old applications. Cybercriminals exploit these systems to gain an entry point into the target organization's network because they contain many unpatched vulnerabilities and no longer receive any updates. Many organizations still use them because they are too expensive to replace, and the new ones may not work correctly with other old health equipment and applications.

Physical security

If adversaries succeed in gaining physical access to the target organization's computer devices, they can execute malicious actions, such as installing malware, stealing confidential information by copying it to a USB drive, or installing a hardware keylogger on a USB port.


Malware is a general term used to describe all malicious computer programs. The most important type targeting healthcare providers is ransomware. Ransomware works by encrypting the files and data on the target device and on all connected hard drives. After infecting one device, it will generally propagate across the network and spread the infection to all connected devices.

During 2020, these attacks cost the healthcare industry $20.8 billion in downtime. They affected 18 million patient records, and hackers were able to collect $2.1 million in ransom payments, according to the Comparitech report.


The healthcare industry continually adopts the best technical solutions to enhance the services it offers and increase patient satisfaction. Applying digital technology in healthcare also comes with a security price. Knowing how to protect sensitive patient data and health-connected IT systems is crucial to using digital technology safely in this industry.
