While the hospitals and other healthcare institutions have been overwhelmed by the COVID-19 pandemic, there was another problem many of them had to face.
For example, when the US health infrastructure was pushed to its limits by the virus spikes, they became targeted in waves of ransomware attacks. And similar things have been happening all over the world. Cedric O, France’s minister for digital technologies, said: “French authorities have been monitoring one cyberattack per week against hospitals since the beginning of the year.”
Naturally, the healthcare industry had been attacked by cybercriminals before the pandemic as well. In 2019, a ransomware attack completely paralyzed a Czech hospital, forcing the staff to move patients to nearby hospitals and postpone surgeries. It took almost a month before the hospital was up and running again to the full extent.
On the other hand, the situation has worsened significantly due to COVID-19. As all the major cybersecurity reports show, attacks on healthcare institutions and pharma research centers have been executed at an unprecedented rate. The most common type of attack aimed at healthcare institutions is so-called ransomware.
Ransomware is a type of malware that causes great financial damages and exposure of sensitive information. Its main purpose is to infect a computer and encrypt all the files. The encryption is done using a personalized key that only the attackers can retrieve. After the encryption, users are not able to access their files until a ransom is paid, usually in cryptocurrencies. Frequently, the victims are given a limited timeframe to pay the ransom, after which it is either significantly raised or the files are lost forever or publicized, exposing sensitive information.
The number of ransomware attacks in general doubled last year. Some reports show that global losses from cybercrime skyrocketed to nearly $1 trillion in 2020 with the prospect of getting up to $10.5 trillion annually by 2025. Arguably, the real figures are even way higher than all the striking numbers from various reports, since many companies wouldn’t report the incident and silently pay the ransom to avoid any unpleasant PR backlash caused by putting their customers’ sensitive information at risk.
The healthcare sector is a very specific and profitable target for cybercriminals. The authors of Checkpoint’s Cyber Security Report 2021 wrote: “Cyberattacks on the global healthcare sector are getting out of control because criminals view hospitals as being more willing to meet their demands and actually pay ransoms — and the events of 2020 proved this.”
There are multiple reasons why hospitals are likely to pay the ransom once they have been attacked.
First of all, they possess extremely sensitive information. Not only do their databases contain the personal information of their patients, but they are also linked with their medical history. Naturally, it would be devastating for a hospital if such information was made public due to its insufficient security measures.
Secondly, there is too much at risk. The recent attacks on the Irish health service are considered catastrophic. Once the computers and the medical devices are down, the hospital can hardly operate. Doctors, nurses, and other medical staff simply cannot work with pen and paper at this point. When the important medical devices stop functioning, a cyberattack can potentially have even fatal consequences.
Thirdly, hospitals often have complex infrastructures and not-so-complex cybersecurity measures to properly protect them. Because of this, many of them can be seen as easy targets.
Other reasons are political. For example, North Korean hackers were said to have targeted companies developing COVID-19 vaccines. Marene Allison, the Chief Information Security Officer at Johnson & Johnson, which is one of the companies that have been participating in the vaccine research, said that such healthcare organizations were encountering cyber-attacks by nation-state actors “every single minute of every single day.”
To put it briefly, hospitals are in many ways perfect targets for cybercriminals, despite obvious ethical problems.
Most ransomware attacks utilize the Domain Name System (DNS) at some phase of their operation, which is why many companies and institutions have decided to implement a DNS security service into their security architecture.
We have analyzed data from four hospitals that we protect during a 30-day period between March and April. On average, we blocked 63 requests to access malicious domains per day. When we compared our gathered data with data from previous months, we found out that the number of blocked threats has been continuously increasing. There was a 500% increase in threats from February to March and a 164% increase from March to April.
We have also seen very dangerous spikes. On the 26th of April, for example, we registered a 1003% increase in malicious resolution requests, while the number of safe resolution requests rose by only 88%. Up until now, there are no signs of decreasing tendencies.
COVID-19 brought new cybersecurity challenges to institutions of all kinds. There is a general rise in cyberattacks and even more heavily targeted segments. On top of that, there are completely new challenges such as how to properly protect so many employees, who have been working from home.
The healthcare sector as a whole has been under immense pressure during the whole pandemic. The unprecedented amount and seriousness of cyberattacks targeted at it created a lot of extra pressure and showed that institutions from the industry need to be aware, cautious and take cybersecurity as seriously as ever.