Since the beginning of the global COVID-19 pandemic, cybercrime has increased by 600%. It is not surprising, that the healthcare industry was one of the most vulnerable ones to cyberattacks in 2020 and 2021. In fact, the entire situation with the pandemic has fully demonstrated the vulnerability of the healthcare industry. Why did that happen? The answer is simple: today, personal data is one of the biggest assets. The hackers steal millions of medical records and sell them on the dark web.
Let’s see to what extent was the healthcare industry affected by cybercrime in 2020:
– Verizon confirmed that in 2020 data breaches in the healthcare industry increased by 58%.
– According to Interpol, 907,000 spam messages, 737 malware incidents, and 48000 malicious URLs were revealed only from January to April 2020.
– The National Health Service (NHS) lost over $100 million because of the WannaCry ransomware attack
– In 2020 the healthcare industry was affected by at least 1 breach every day caused by ransomware attacks. As a result, more than 27 000 000 patient records were sold by hackers.
– FBI confirmed that in the USA the cybercrime in the healthcare industry rose by 2,473 in 2020, resulting in a $30 000 000 loss.
– According to Check Point Research, cyberattacks on healthcare increased by 45% from November to December 2020. As for countries, by the end of 2020, Canada experienced a 250% rise in cyberattacks targeting the healthcare sector, Germany saw a 220% increase.
Cyberattacks in the healthcare industry are nothing new, hackers have always been attracted by the possibility of stealing and selling valuable data. Why was the healthcare sector hit especially hard in 2020?
1. Patients’ Personal Data; Health System Collapse
As stated above, private data is the main reason for cyber-attacks. The health records contain the most detailed and important personal data possible: addresses and phone numbers, social security numbers, even information on health habits.
Personal data can be sold and resold many times by multiple cyber-criminals.
Moreover, the healthcare industry was significantly overloaded because of the COVID-19 situation. Any interruption or failure could be fatal. As a result, in case of ransomware attacks, hospitals would be more willing to pay a high ransom, in order to restore the system as soon as possible and to continue providing emergency medical assistance without interruption.
2. Vulnerable Networks; Weak Cybersecurity
The healthcare industry is not as protected in terms of cybersecurity as other industries: lack of cyber-awareness among employees, outdated software, vulnerable regulations. At the same time, hackers take advantage of the weak points in hospitals’ cybersecurity. For instance:
– the cybercriminals penetrate the unprotected or poorly secured networks
– when medical institution workers use personal gadgets, connecting them to the hospital network, it becomes even more exposed to the hackers
– multiple IoT devices, used more and more often in healthcare organizations, give easier access to the criminals
The growth of virtual healthcare, the use of IoT, the possibility of using technology is an amazing way of receiving relevant information, providing quick and effective healthcare, and tracking progress in real-time. On the other hand, each connection is a potential possibility for hackers to access vulnerable devices and networks.
COVID-19 doesn’t seem to disappear in 2021, the cybersecurity threats neither. Constant cyberattacks on healthcare and medical institutions are estimated to grow this year even more:
– According to Check Point research, in the first half of 2021 ransomware attacks increased by 102 percent over the same period in 2020
– Now the newest waves of ransomware target backup data, and this tendency will grow in 2021
– Compound cyberattacks will most likely grow steadily in 2021: hackers tend to extract the data before encryption, to start threatening, until the hospital agrees to pay the ransom
– In 2021, the HPH sector is expected to spend $18 billion on cybersecurity.
Cyberattacks are becoming more difficult to detect, avoid, and neutralize. Even though many healthcare organizations recognize the risks caused by cyber-attacks, cybersecurity stays underinvested. As a result, while hackers are often able to penetrate the vulnerable networks in seconds, for some organizations it can take weeks to identify the breach, minimize the damage, and prevent it for the next time.
Anyway, recognizing the huge financial, reputational, and even vital impact caused by data breaches, more and more health organizations pay attention to cybersecurity. Here are some basic ways to improve it:
- Cybersecurity culture/education:
First, each employee must understand that he is responsible for patients’ data protection: criminals often target personal devices to penetrate companies’ networks. This should be emphasized in every cybersecurity training organized by the company. Ransomware attacks are the most common and dangerous form of cyber-attacks. Training the employees to detect and avoid malicious emails and potential ransomware attacks is one of the most important steps towards the company’s security. Employees must understand that even if such emails are not infected, they contain messages urging the users to click malicious links.
Besides, each medical organization must have a thoroughly and comprehensively designed cybersecurity protocol, and all the employees should adhere to it.
2. Use strong passwords:
According to various researches, most data breaches occur because of weak passwords. Often healthcare institutions try to avoid using sophisticated passwords, which are difficult to use and to remember. However, it is important not only to use strong passwords but also to update them regularly.
Using comprehensive password management tools could also be an important solution.
3. Stay proactive and vigilant — backup:
Want to restore your files quickly? Back up them regularly! Usually, it is recommended to follow the “3–2–1” backup rule: storing data in 3 different places, on 2 types of storage, keeping 1 copy offsite.
4. Secure the mobile devices:
For many medical workers, using mobile devices at work helps to provide quick and quality medical care. On the other hand, storing data on mobile devices and connecting them to the hospitals’ network can cause a big threat and increase the risk of malware infections.
First, it is important to acknowledge that hackers target primarily the end-users, so organizing appropriate trainings and boosting fundamental digital hygiene practices could save the situation.
IT professionals must constantly monitor all the authorized and unauthorized devices connected to the network.
In addition, using data encryption is the best way of securing the data stored on wearables and local networks.
5. Zero-Trust approach (a.k.a. “perimeterless security”):
Shifting to zero-trust security framework is an important step towards data security and data breach prevention. The Zero-trust approach means that companies should nod trust any users or devices outside and inside their networks, even if those were validated previously. Any connection should be verified every time before accessing the local network.
6. Install anti-virus software:
Investing in trusted anti-virus software is critical… only if you update it constantly, to stay protected against the latest cybersecurity threats!
As we could see above, today increasing cyber-hygiene is important more than ever. At the same time, recent studies show that hackers are bypassing even the best firewalls and anti-viruses. With the newest raging ransomware attacks, patient records are stolen, sold, and used for various reasons.
Even if hospitals use all the necessary tools to prevent data breaches, is there any way to protect the data…after it was stolen? The answer is YES. With a new groundbreaking software called Fragglestorm™, you will augment your cybersecurity landscape and make any data useless to hackers! Fragglestorm™ will reinforce any perimeter and encryption tools to protect any data no matter where it resides!