Cybersecurity in Medicine

Datami Newsroom
Nov 12, 2024

Time to Assess the Level of Cybersecurity in Healthcare

Or how the pandemic has impacted the security of medical institutions.

The healthcare industry has long been a primary target for cybercriminals. However, since the emergence of COVID-19, organizations on the frontline of the pandemic have experienced an increase in cybersecurity-related incidents and attacks. Cybersecurity in healthcare is indeed becoming a more critical issue.

Between February and June 2020, organizations subject to HIPAA regulations reported 192 large-scale data breaches to the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) – more than double the number recorded during the same period in 2019.

While the types of cyber threats faced by healthcare organizations during the COVID-19 pandemic were not entirely unexpected, factors such as the rapid shift to remote work, the expansion of telemedicine, and the additional strain on resources felt by many organizations combined to create new challenges.

For instance, in recent months, some medical organizations temporarily relaxed firewall rules (Windows operating system security) to facilitate additional remote work capabilities. They reduced the number of suppliers or signed new contracts to quickly deploy or expand telemedicine services.

The Evolution of Cyber Threats in Healthcare Due to COVID-19

While the types of cyber threats faced by healthcare organizations during the COVID-19 pandemic are largely similar to those encountered before the pandemic, fraudsters are exploiting the fear associated with it.

The Internet Crime Complaint Center reported receiving 1,200 complaints in March alone related to coronavirus-related cyberattacks, far exceeding the number of complaints received for all types of internet fraud in 2019. 

Authorities have warned that cybercriminals are targeting healthcare agencies, pharmaceutical companies, scientific communities, medical research organizations, local governments, and others involved in national pandemic response efforts.

In addition to attempts to steal information for commercial purposes, hackers may aim to steal valuable pandemic-related information, such as confidential COVID-19 research or details about national and international healthcare policies.

Crafty hackers taking advantage of the COVID-19 crisis represent a global problem. In March, the Canadian Cybersecurity Center warned about malicious hackers targeting their healthcare sector. These attackers aim to gain unauthorized access to intellectual property, research, and development related to COVID-19.

The Czech Republic also faced a series of cybersecurity incidents, including an attack on one of its largest COVID-19 testing centers, which resulted in the center shutting down and redirecting patients to other hospitals. The risks to public health and safety posed by such malicious activities prompted the U.S. State Department to take global action.

Below are several examples of cyber threats during the COVID-19 era, along with practical steps organizations can take to manage cyber risks in today’s increasingly virtual environment.

Ransomware Threats Targeting Medical Organizations

In the early stages of the pandemic, hacker groups promised to protect hospitals and healthcare facilities from their cyber attacks. These 'promises' were short-lived.

In March, hackers used a variant of the ransomware known as Maze to attack a UK laboratory that tests COVID vaccines. Maze can exfiltrate files from the system and pressure the victim to pay a ransom by threatening to publish the data on the dark web. Fortunately, the institution was able to restore its systems, but this did not stop the hackers from trying to force payment by publishing thousands of patient records online, including medical forms and copies of passports (the institution itself did not pay anything).

In June, the University of California, San Francisco, reported that it had paid a ransom of $1.14 million after malware encrypted certain servers in its medical schools.   

In response to the ongoing threat of ransomware attacks in the healthcare sector, Microsoft's threat intelligence team has warned hospitals that their network devices and virtual private networks are specific targets as organizations move to a more remote workforce and therefore face more cybersecurity threats.

The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on 22 May, reporting that insecure VPNs will top the list of vulnerabilities regularly exploited by sophisticated cybercriminals in 2020.

REvil is one of the ransomware campaigns that actively exploit these vulnerabilities to infiltrate organizational infrastructure. After successfully exploiting them, hackers can steal credentials, escalate access privileges, and move laterally within the compromised network, deploying ransomware or other malicious software.

Unlike self-propagating ransomware like WannaCry or NotPetya, which spread autonomously, Maze and REvil are human-operated ransomware campaigns. They incorporate social engineering tactics that exploit users' fear and need for information.

This is why the hackers behind these ransomware strains target organizations most vulnerable to breaches—for example, those that lack the time or resources to assess cybersecurity threats, install the latest updates, upgrade firewalls, or review user access levels in administrative parts of their information networks. During the COVID-19 era, healthcare organizations have proven to be particularly vulnerable.

COVID-Related Phishing Attacks

Cybercriminals conducting phishing attacks via email have exploited fears surrounding the coronavirus, posing as officials from organizations such as the Centers for Disease Control and Prevention (CDC) or the World Health Organization (WHO). Their goal is to deceive users into entering credentials or clicking on links that install malware, capturing sensitive data or locking it behind passwords.

According to Bitdefender, hospitals, clinics, pharmaceutical companies, and medical equipment distributors have been the most frequent targets of phishing campaigns. These emails often claim to offer information on COVID treatments, therapies, or personal protective equipment (PPE).

In fact, American, Canadian, and European organizations rushing to develop a coronavirus vaccine have become prime targets for cybercriminals seeking to steal research data and disrupt medical supply chains in an effort to gain an edge in the vaccine race. This has frequently been linked to state-sponsored hackers.

The U.S. National Security Agency (NSA) has reported that the hackers responsible for this medical espionage include groups known as APT29 and Cozy Bear—the same groups linked to the hacking of the Democratic National Committee's servers during the 2016 election.

Another phishing method, known as voicemail phishing or vishing, targets outdated telephone systems used by some medical organizations. These systems, known as Private Branch Exchange (PBX), automate calls and send voicemail messages to users’ email inboxes to ensure employees don’t miss important messages while working remotely.

In this scheme, attackers spoof messages from PBX systems, informing employees of a new voicemail. To access the message, users are redirected to a website mimicking PBX integration, designed to steal credentials.

Hackers rely on the fact that users often reuse the same credentials across multiple platforms, potentially granting access to personal or confidential information.

Password Spraying (and Credential Stuffing) in Healthcare Organizations

Password spraying is a brute-force attack method in which hackers attempt to gain access to multiple accounts by entering numerous usernames or email addresses into a program that tries to match them with commonly used passwords.

Joint advisories from the Cybersecurity and Infrastructure Security Agency (CISA) and the UK’s National Cyber Security Centre (NCSC) warn about this threat targeting healthcare and medical organizations. They recommend users replace any easily guessable passwords with more complex ones, such as those created using three random words.

Credential stuffing involves the automated input of username and password combinations previously stolen—often during past data breaches—to gain unauthorized access to user accounts.

In April, more than 500,000 Zoom credentials, obtained through credential stuffing, were sold on the dark web for less than a dollar or, in some cases, given away for free. 

This led to an increase in large-scale “Zoom-bombing” and other malicious actions compromising video conferencing security. To reduce the risk of such attacks, organizations are strongly advised to implement multi-factor authentication (MFA) and enforce regular password updates for employees.
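On the detection side, password spraying leaves a recognizable shape in authentication logs: one source failing against many accounts with only one or two attempts each. The following is an added example, not part of the original article; the log format, usernames, IP addresses and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the article): time, source IP, user, outcome.
SAMPLE_LOG = """\
2020-04-02T08:00:01 203.0.113.7 a.nurse FAIL
2020-04-02T08:00:02 203.0.113.7 b.jones FAIL
2020-04-02T08:00:03 203.0.113.7 c.smith FAIL
2020-04-02T08:00:04 203.0.113.7 d.patel FAIL
2020-04-02T08:00:05 203.0.113.7 e.lopez FAIL
2020-04-02T08:00:06 203.0.113.7 f.chen FAIL
2020-04-02T08:20:03 203.0.113.7 c.smith OK
2020-04-02T08:05:00 198.51.100.20 admin FAIL
2020-04-02T08:05:01 198.51.100.20 admin FAIL
2020-04-02T08:05:02 198.51.100.20 admin FAIL
2020-04-02T09:00:00 192.0.2.55 g.meyer FAIL
2020-04-02T09:00:20 192.0.2.55 g.meyer OK
"""

def parse(log):
    """Return (timestamp, ip, user, outcome) tuples in time order."""
    events = []
    for line in log.strip().splitlines():
        ts, ip, user, outcome = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, outcome))
    return sorted(events)

def detect_spraying(events, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Flag sources failing against many accounts with few tries per account."""
    # Thresholds are assumed starting points; tune them per environment.
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    alerts = {}
    for ip, evs in by_ip.items():
        fails = [e for e in evs if e[3] == "FAIL"]
        for i, first in enumerate(fails):
            per_user = defaultdict(int)
            for e in fails[i:]:
                if e[0] - first[0] <= window:
                    per_user[e[2]] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                # Any later success from the same source is a likely guessed password.
                hits = sorted({e[2] for e in evs if e[3] == "OK" and e[0] >= first[0]})
                alerts[ip] = {"targeted": sorted(per_user), "compromised": hits}
                break
    return alerts
```

Repeated failures against a single account (198.51.100.20) and one user's mistyped password (192.0.2.55) are deliberately not flagged; shared egress addresses such as a hospital NAT gateway can trip the rule and need an allowlist or a higher threshold.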

Tips for Improving Cybersecurity in Healthcare

Update Your Cybersecurity Risk Analysis and Management Plans

Ensure your security risk analysis is updated to reflect the technological and operational changes made in response to the pandemic. Implement all relevant risk management plans to reduce the likelihood of cybersecurity incidents, such as ransomware attacks. 

Specifically, identify potential risks and vulnerabilities associated with the expansion of remote work, the deployment of new telemedicine technologies, and the establishment of additional testing and treatment facilities.

Ensure Full Compliance with Telemedicine Operations

Organizations that deployed telemedicine services in a manner that may not have fully complied with HIPAA standards—according to OCR guidance on security compliance—should ensure that at a minimum, they have followed all recommendations. These include enabling all available encryption and privacy settings, informing patients of potential privacy risks, and establishing appropriate business associate agreements with technology providers delivering cybersecurity services.

In line with the voluntary cybersecurity principles outlined by the U.S. Department of Health and Human Services for healthcare organizations, providers should identify gaps in compliance with HIPAA and other privacy and security laws. Develop a plan to address any vulnerabilities as quickly as possible to elevate cybersecurity in healthcare to a new level.

Review Privacy and Cybersecurity Policies and Procedures

Examine and, if necessary, expand your privacy and security policies and procedures to ensure they adequately reflect current operations, particularly regarding remote work, telemedicine, and any other newly expanded activities. Additional insights from Katten on best practices for remote work are available [here].

Reinforce Employee Training

To ensure employees are aware of their obligations to maintain privacy and security during the COVID era, conduct regular training sessions on your policies and make these policies accessible via the organization's intranet or by email distribution (including tips on protecting email from hacking).

Training should be practical and aligned with today’s virtual environment—covering topics such as using secure collaboration tools, recognizing phishing emails and COVID-related scams, and securely disposing of documents while working from home.

Your Datami


Updated: 16.01.2025