The global healthcare sector is taking a big hit as the main target for malicious cyber threats. At CTRL Group we’re seeing how criminal behaviour is shifting its attention with the current crisis. Exploiting overstretched staff at a medical facility or pretending to be a healthcare organisation and spreading malware to the public are just some of many examples.
In Australia alone, over 45 cyber incident reports related to COVID-19 were made between March 10 and 26 to the Australian Cyber Security Centre (ACSC). These include phishing emails and text messages from made-up health institutions, such as ‘Australia HealthCare’ (ACSC’s warning).
In the period of just four weeks we’ve seen high-level attacks on healthcare organisations all around the world:
- Czech Republic’s Brno University Hospital is the country’s second largest hospital and one of its biggest COVID-19 testing laboratories. They experienced a network attack forcing them to shut down their entire IT network, postpone urgent surgeries, and re-route new patients. (Source)
- The World Health Organisation (WHO) had an attempted attack on their system. A malicious site mimicking the organisation’s internal email system was set up in order to take the password details from staff. “There are no hard numbers, but such compromise attempts against us and the use of (WHO) impersonations to target others have more than doubled,” said WHO’s Chief Information Security Officer, Flavio Aggio. (Source + WHO’s warning)
- UK’s Hammersmith Medicines Research (HMR) is an important laboratory where drug trials are carried out for treatments such as the Ebola vaccine. Despite failing to bring down the network with ransomware, the attackers were successful in gaining access to thousands of personal medical details of former patients. (Source)
- The US Department of Health and Human Services (HHS) experienced an overload of their servers with millions of hits over several hours, though the attackers didn’t succeed in slowing the agency’s systems significantly.
- The Paris hospital authority (AP-HP) had a failed cyberattack that was aiming to disable hospital services by overwhelming computers. Security experts successfully handled the attack.
The healthcare industry is propped up by technological architecture. The digitisation and accessibility of health records, medical bills, data for treatment and analytics are all crucial. Right now, efficiency is a matter of life and death.
“Information security leaders in the healthcare industry will face increasing risks as hackers try to capitalise on the fear and urgency of this complex situation.”
Hospitals and healthcare providers, however, will find comfort in knowing that the industry has a great number of cybersecurity providers who are up to the task of securing their organisations and helping them focus on what matters. CTRL Group stays very close to the action of the ever-shifting cyber threat landscape. We have a range of tailored and agile security services on offer that will quickly address critical risks within your organisation, in particular to strengthen your security posture against healthcare cyber incidents.
We want you to take away the following key points to prioritise your cyber hygiene:
Secure Patient Data
With over half a million cases around the world, the growing number of patients will add to a growing database that is appealing to attackers. Safeguard your patient data with encrypted systems, and work with both employees and patients to ensure they use multi-factor authentication, especially when accessing a patient portal or the hospital network through personal devices. Monitor your organisation’s IT network for any breaches, and train your staff on the basics of phishing techniques. Warning signs include a message sent from a public or misspelt domain name and poor spelling in the message itself. Avoid clicking any link or opening any attached file in such a message.
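The sender-domain check described above can also be automated at the mail gateway or in a reporting tool. The following is an added example, not code from CTRL Group; the domain lists, function names and the distance threshold of 2 are assumptions chosen for illustration.

```python
from email.utils import parseaddr

# Constructed sample lists (assumptions, not taken from the article).
TRUSTED = {"health.example.org", "hospital.example.org"}  # hypothetical organisation domains
PUBLIC_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}   # illustrative, not exhaustive


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'public', 'lookalike', 'unknown' or 'malformed'."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "malformed"
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    # Exact match or a subdomain of a trusted domain.
    if domain in TRUSTED or any(domain.endswith("." + t) for t in TRUSTED):
        return "trusted"
    # Institutional display name on a public webmail account.
    if domain in PUBLIC_MAIL:
        return "public"
    # Trusted name used as the leading labels of an unrelated domain.
    if any(domain.startswith(t + ".") for t in TRUSTED):
        return "lookalike"
    # Misspelt domain: a small number of edits away from a trusted one.
    if any(edit_distance(domain, t) <= max_distance for t in TRUSTED):
        return "lookalike"
    return "unknown"


# Constructed From: headers for demonstration.
SAMPLE_HEADERS = [
    "IT Helpdesk <helpdesk@health.example.org>",
    "Australia HealthCare <notice@gmail.com>",
    "Payroll <payroll@heatlh.example.org>",
    "Records <records@hospita1.example.org>",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(f"{classify_sender(header):10} {header}")
```

Plain edit distance does not catch a swapped top-level domain at this threshold or Unicode homoglyphs, so treat an "unknown" result as unverified rather than safe.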
Monitor and Safeguard Equipment
Core equipment that is connected to the hospital’s network, including ventilators and other life support systems, should be highly guarded. Ensure that you have strong monitoring capabilities enabled and an incident response plan in the case of a cyber-attack. An ML-based SOC/SIEM solution that is monitored 24/7 is the best approach hospitals can take to identify breaches in real time and rapidly coordinate their response.
Update Endpoint Protection
Ensure that all software and security systems are up to date. Automating this process will ensure that there isn’t a moment of exposure for your system. Don’t forget your mobile and BYOD fleets.
Augment Your Capabilities
Working with a cybersecurity provider that can effectively step in and increase your IT department’s bandwidth is highly recommended. Your security partners can help you address operational tasks faster, respond to cyber incidents rapidly, share the workload and give your IT department the capacity to address many other operational priorities.
Secure Your Network, And Test It
Wrapping key controls around your network is critical in fending off external attacks. If you are unsure about the efficacy of your controls, test them and make sure you address the key vulnerabilities identified. CTRL Group can run a web application test, external test, internal test and an operational test to exploit weaknesses in your controls and systems.
“All around the world we are reliant on these healthcare organisations for their services in this crisis. It is our obligation to keep them safe and secure from malicious actors.”
Unfortunately, human behaviour is irrational and the very same people risking their lives to save those in need are also exposed to risks posed by hackers. Information about patients, treatments, and medical devices will be targeted. This is an unfortunate reality that we currently have to battle.
We welcome any enquiry from healthcare providers to discuss how we can boost their security posture in these urgent times. We hope everyone is staying safe, and we extend our deepest gratitude to healthcare workers.