The healthcare sector has long been the victim of choice for cyber-criminals. Those with ill intent have exploited the sensitive nature of healthcare data and operational workflows to extort service providers for financial gain. There have been many high-profile cyber-attacks on hospitals over the past few years which have left the healthcare industry battered and bruised.
An increasingly common mode of attack is the use of malware, and more specifically ransomware, either to extract personally identifiable data or disrupt operations. These attacks are often sophisticated in nature, with users being sent seemingly harmless files or links via email which then install malware enabling hackers to gain control of parts of the IT system. Hackers will then blackmail the hospital or healthcare provider, claiming they will turn off vital support systems if they don’t receive a payment. As these care-giving institutions quite literally have patients’ lives in their hands, it is often hard to refuse payment.
Earlier this year the US Government claimed that North Korea had been behind a string of cyber-attacks on healthcare facilities and hospitals around the US. The FBI, the Treasury Department and the Cybersecurity and Infrastructure Security Agency issued a joint statement in which they alleged that a North Korean state-sponsored cyber threat targeted health facilities across the US. It is said the attackers used a ransomware called Maui to encrypt servers utilised by healthcare services, which included electronic health records, imaging services and others.
But it isn’t just the US that experiences these high-profile cyber-attacks on hospitals. In August 2022, the National Health Service (NHS) in the UK announced one of their IT suppliers had been infected with a ransomware virus, which had caused widespread outages across the NHS’s network. The attack was said to have targeted systems used for ambulance dispatch, emergency prescriptions, out-of-hours appointment booking and more.
Why do hackers target healthcare facilities?
Healthcare establishments have become prime targets for cyber-criminals over the years, mainly due to the large volume and sensitive nature of the data they hold. Hospitals and other healthcare service providers hold huge quantities of personal data, everything from social security numbers to financial data, contact details and private healthcare records.
This data has long-term value, whether for use in identity theft, for account access or even just for blackmail. A recent example of this is when hackers compromised the infrastructure of plastic surgery firm The Hospital Group and threatened to release almost 1TB of private surgery images.
Malware attacks reach 2.8 billion in first half of 2022
Most attacks on healthcare institutions are financially motivated. According to Chainalysis, hackers behind ransomware attacks in 2021 made upwards of $731 million. The use of malware has seen a significant increase in recent years, with some sources estimating there have been 2.8 billion malware attacks in the first half of 2022 alone.
According to a 2022 Sophos report, ransomware attacks on healthcare targets almost doubled last year, with two-thirds of respondents having experienced an attack in 2021. Unlike in some other industries, a ransomware threat to healthcare also carries a heavy emotional burden, with hackers exploiting the existential element of the threat.
Perhaps the most common way for attackers to infect a computer or network with ransomware is via email attachments. Employees are often unaware of the threats potentially contained within unsolicited emails and hackers use this vulnerability to exploit unsuspecting victims.
The complex nature of the healthcare industry also makes supply chain exploits a popular attack vector, with smaller product or service providers used as a point of ingress to larger institutions with deeper pockets. The 2019 Quest Diagnostics data breach is a classic example, where over 20 million personal and payment records were stolen over an 8-month period from a company that provided billing services to the US healthcare sector.
US suffers medical data breach pandemic
A recent Comparitech data breach study revealed a worrying trend amongst US medical institutes. Between Jan 2009 and June 2022, over 342 million medical data records were leaked. In many cases, the breached data led to the exploitation of sensitive information, placing both patients and healthcare facilities at risk.
In 2020/21 the US healthcare sector suffered more than 1,500 breach incidents, with hacking becoming the most common cause (accounting for 40% of breaches from Jan 2021 to June 2022). Whilst the frequency of attacks is on the rise, the severity of breaches, at least in terms of the volume of records involved, seems to have reduced.
The Anthem breach of 2015 remains the largest to date, with a spear phishing attack responsible for compromising almost 79 million records. There have been other notable breaches, with Premera Blue Cross (also in 2015), Optum360 and LabCorp all suffering the loss of over 10 million records.
Adopting a zero-trust approach to data and network security
The threat landscape is constantly evolving, with the frequency and complexity of attack on the increase. Adopting a prevention-only approach to network and data security is unlikely to provide a sufficient level of protection. Breaches are almost inevitable, so “border controls” also need to be reinforced with robust data encryption policies to protect the data in the event of unauthorised access.
Traditional anti-malware and anti-ransomware solutions are no longer fit-for-purpose as they are dependent upon the pre-disclosure of a threat. They are ineffective against non-disclosed, signatureless or zero-day attacks. To combat these effectively, modern solutions need to adopt a zero-trust approach to content security, enterprise-wide.
How can we help?
Votiro Cloud leverages patented, next-gen CDR anti-malware technology to proactively protect your files from the most advanced, persistent cyber-attacks. It sanitises incoming, shared and stored files, enterprise-wide, eliminating the risks associated not just with known threats, but with undisclosed cyber-attacks and zero-day exploits. At the same time, it preserves 100% of original file content and functionality, without disrupting user workflows.
Senetas designs, develops and manufactures certified, high assurance encryption hardware to protect all types of data moving across today’s multi-layer network infrastructure. Cyphernet encryptors are used to protect sensitive data, metadata, video and voice traffic in transit across high-speed networks up to 100Gbps bandwidth, without compromising network performance.