Cyberattacks aimed at healthcare providers in wake of COVID-19 increase sharply
As the global death toll from the COVID-19 pandemic inches closer to the 300,000 mark, cybercriminals have made it clear they lack any semblance of having a soul. In recent weeks, cybercriminals have stepped up their attacks against healthcare providers at a time when chaos within those organizations is understandably rampant.
The data that nurses and doctors are relying on to save lives is under constant attack. A recent report from CrowdStrike, a provider of endpoint detection software, finds that intrusions impacting healthcare organizations doubled from the fourth quarter of 2019 to the first quarter of 2020.
Attacking in phases
The CrowdStrike report notes these attacks, as usual, are coming in two phases. First, cybercriminals gain initial access through brute force attacks employing, for example, password spraying techniques that attempt to guess passwords for any internet-facing applications. Once successful, cybercriminals then go to work doing things such as:
- Using PowerShell and BITSAdmin to evade detection while retrieving malicious-purpose tools from external resources
- Employing credential-harvesting tools to extend the potential reach of the attack
- Engaging in defense-evasion techniques such as indicator removal from target hosts to clear logs
- Deploying web shells and PowerShell reverse shells
- Escalating privileges using tools such as Rotten Potato
- Making efforts to identify security software possibly running on a host
These attacks have become especially problematic because many healthcare facilities have rushed to set up temporary hospitals, many of which may not have been deployed with cybersecurity best practices in mind.
It’s not clear how long these temporary facilities will be in use. They were set up to deal with a number of hospitalizations that is not as high as anticipated in many geographic regions thanks mainly to social distancing and stay-at-home orders. Nevertheless, nearly four million cases of COVID-19 infections have been recorded with more to come. A second wave of the disease could create a need to set up these temporary hospitals once again.
Hopefully, by then cybersecurity teams will have had more time to prepare. Unfortunately, funding is likely to be an issue. Many healthcare providers are now strapped for revenue because either elective surgeries were canceled during the pandemic or patients simply put off surgeries for fear of contracting the virus while staying in a hospital. Healthcare providers have been given access to a $175 billion fund by the U.S. Congress, but how much of that money might free up funds to acquire additional cybersecurity tools and platforms is hard to forecast.
There are, of course, plenty of IT vendors more than willing to defer payments for those offerings until 2021. However, even if healthcare providers could get the projects approved it’s not clear if there are enough cybersecurity professionals available right now to implement them.
It’s too early to say how much economic damage increased attacks against healthcare providers might cause. Rules pertaining to the Healthcare Insurance Portability and Accountability Act (HIPAA) have been relaxed during the pandemic but not completely suspended. Any forthcoming HIPAA fines might be light or outright forgiven. What is for certain is the number of cyberattacks aimed at healthcare providers is not likely to abate any time soon, no matter how many fatalities there might be.