Dangers of cyberattacks on healthcare organizations

Cyberattacks increase during the pandemic

More and more hospitals fall victim to ransomware attacks

The whole world is struggling to fight the Covid-19 pandemic, but cybercriminals don't care about that and even see a good opportunity to monetize on that. Although few groups have promised to seize ransomware attacks on healthcare organizations a year ago,^[1] others can't help themselves and continue their dirty deeds.

According to sources, the healthcare sector faced more attacks than ever before in the last quarter of 2019. And although the numbers plummeted for the next half a year, they again suddenly increased in September. Emsisoft reports,^[2] that in 2020 560 healthcare providers suffered from a ransomware attack.

The biggest one was executed against one of the largest US health systems – UHS, which has over 400 hospitals and other healthcare facilities in the US. Research suggests that a ransomware attack causes hospitals an average of 15 days of EHR downtime.^[3]

But cybercriminals aren't targetting only hospitals. Attacks on the World Health Organization (WHO), which is vital in the fight against the coronavirus pandemic with its research, reports, advice, and response coordination, have more than doubled. A security expert said:^[4]

Cybercriminals show no ethical boundaries and will continue to attack wherever there could be a vulnerability.

A ransomware attack on a hospital leaves patients and their data at huge risk

Cyberattacks on healthcare institutions aren't a new phenomenon. One report suggests,^[5] that 88% out of all ransomware attacks on different institutions were targeted at hospitals. Ransomware is a type of malware that locks all non-system data. It becomes inaccessible until a necessary decryption software or key is used, which is usually in possession of the assailants.

One of the reasons for such attacks is that threat actors could aim to profit directly from the hospital by encrypting patient files and demanding a ransom. Another reason might be the patient and employee files, as that data is very useful to cybercriminals.

Such files usually contain names, addresses, SSNs, phone numbers, relative information, emails, and all sorts of other details that threat actors behind the attacks could either sell on the black market or use themselves to carry out additional evil deeds such as identity theft.

The main reason why cybercriminals attack healthcare institutions

Healthcare institutions are in need to always see patient details, prescriptions, health history, and other details. When a hospital gets hit with ransomware, it's putting the institution's work to a standstill. That means that planned operations and other procedures couldn't be accomplished, lab results couldn't be accessed, etc. All this is putting patients' health at grave risk.

That's why an attacked hospital usually succumbs to the cybercriminals' demands and pays their requested amount of money, usually via Bitcoin. Evildoers pick hospitals for one more reason,^[6] their staff usually isn't trained on security awareness, and since their goal is to save lives, cybersecurity is overlooked.

Since very few hospitals would revert to using paper records, the cybersecurity level must increase. And it all begins with security awareness training for the staff because most of the cyberattacks are carried out through phishing emails containing contaminated attachments.