As if the healthcare industry wasn't dealing with enough stress and disruption right now, it's also getting hammered with cyberattacks like spear phishing and ransomware. Some criminal groups have promised to avoid targeting healthcare organizations during the COVID-19 crisis, but most are still willing to attack.
Increasing numbers of healthcare providers in the United States and Europe have fallen victim to cyberattacks, and many of them have been linked to Maze ransomware. This ransomware will not only encrypt data, but it will exfiltrate that data to use in a “backup” extortion attempt. If the victim refuses to pay the ransom, the group behind the attack threatens to publish the private data.
The healthcare industry has been a favorite target for years because criminals have multiple ways to monetize the attack:
- Disruption of IT services can slow operations to a fatal pace. Criminals are betting that a ransom will be paid, especially during emergencies when normal operations require greater urgency.
- Exposure of protected (or personal) health information (PHI) and electronic health records (EHR) can be devastating to organizations and individuals. Criminals who exfiltrate data from the organization can then threaten to publish it if a ransom is not paid.
- PHI and EHR are valuable to other criminals and can be sold for a higher price than a credit card or social security number. Criminals can also keep these records for their own identity-theft schemes.
- The worldwide response to the novel coronavirus, COVID-19, has criminals trying harder to get into networks. Any information on a possible cure or vaccine would be of great interest to private buyers and other governments. Research labs, testing facilities, hospitals, and the World Health Organization are just some of the targets we've seen so far.
Types of attacks against healthcare organizations
Spear phishing: This attack works well and is often the first attempt to get into a company's system. This is not a new type of attack, but the pandemic has provided a lucrative new way to bait victims. People are anxious to get information about the pandemic and the economy, so they are more likely to open and act on an email message related to COVID-19. Healthcare organizations may also be targeted with messages about protective equipment, testing kits, and other supplies.
Ransomware: This is an attack that many cybercriminals love. This malware encrypts data in a way that blocks users from being able to use their files, databases, and other computer systems until they pay a ransom. This is an old attack, but it continues to evolve and present new challenges for healthcare organizations. Cybersecurity Ventures predicts that ransomware will attack a business every 11 seconds by the end of 2021.
Malware: Not all malware is ransomware. Bots, spyware, rootkits, and viruses are all examples of malware that doesn't make any demands for ransom. These attacks still cause damage, cost their victims money, and can eventually lead to other attacks including ransomware. Healthcare organizations and other companies that fall victim to malware infections can experience system problems, data loss, and slower network response due to bots or other malicious traffic.
What you can do
- Maintain strong network security with advanced features like intelligent perimeter protection, user identity awareness, application control.
- Deploy multiple layers of email protection to defend your organizations against spear phishing and malware attacks. Include email backup and archiving for data protection, and configure data leak protection to stop critical data from leaving your business via email.
- Provide a regular cadence of security awareness training for your users.
- Evaluate your backup strategy and confirm that it meets your current needs and is capturing all of the data being generated by the new remote workforce.
- Consider providing a cloud-based web security solution that will protect users from malicious websites and file downloads.
- Enforce best practices when it comes to patch management, password complexity, encryption, and endpoint protection.
Healthcare may always be a target, but your healthcare organization doesn't have to be a victim. With the proper systems and processes in place, you can keep your company protected from cyberattacks.
Christine Barry is Senior Chief Blogger and Social Media Manager at Barracuda. In this role, she helps bring Barracuda stories to life and facilitate communication between the public and Barracuda internal teams. Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years. She holds several technology credentials, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.
Connect with Christine on LinkedIn here.