Cybersecurity and Healthcare

The healthcare industry has featured in the top 5 industries attacked by cyber criminals for a number of years now. The WannaCry ransomware attack in 2017 affected many health trusts across the world, and the age of cybercrime in healthcare started from there. So why would anyone want to attack healthcare, and what are the threats?


2021 was a very difficult year for healthcare when it came to cyber attacks and developing cyber threats. According to the TrapX Security 2021 Healthcare Cyber Breach Research report, “the nature of the threat continues to diversify into a greater variety of complex attacks promoted by sophisticated and persistent human attackers. These attacks against hospitals and medical organisations are still driven by the lucrative economic rewards for organised crime. Medical records are among the most complete set of records available and, hence, are in demand for a variety of reasons.”

In October, the Minister for the Cabinet Office and Paymaster General of GB warned that the NHS was at risk of cyber-attacks, saying that hacking is “no longer the stuff of spy thrillers and action movies” but a clear and present threat, and that large quantities of sensitive data held by the NHS and the Government are being targeted by hackers.

A report on the Deep Web black market for electronic health records (EHRs) by researchers affiliated with the Institute for Critical Infrastructure Technology pointed out that “healthcare systems are relentlessly and incessantly attacked by different types of attackers.”

One of the reasons that medical networks remain vulnerable is that many legacy systems and devices cannot be updated or patched, yet are connected to networks. In other cases, updating systems, often via patches provided free by operating system vendors, is not seen as a priority by senior managers but as something “IT are responsible for”. It therefore doesn’t matter if the newer devices are completely up to date, as the organisation’s “Internet of Medical Things (IoMT)” becomes vulnerable to its weakest link.

Medical records, especially but not exclusively in the USA, by dint of their comprehensive nature, sell for hundreds of dollars on the Dark Web, and there is no shortage of them. According to the IB Times last year, a hacker claimed to have broken into multiple healthcare databases across America and listed a fresh trove of 9.2m records on a Dark Web-based marketplace for 750 bitcoin (£368,000). The vendor, using the pseudonym ‘The Dark Overlord’, claims the plaintext 2GB database includes names, addresses, emails, phone numbers, dates of birth and Social Security Numbers (SSNs) belonging to 9,278,352 Americans.

However, many of those compromised don’t realise that their records can be sold repeatedly by the criminal networks operating on the Dark Web and that this could cause long-term problems. Information contained in medical records can be used for many different types of identity fraud and phishing attacks, and because of its comprehensive nature, the threat from these can persist for many years.

In Europe, the attack vector seems to be different to the USA: attacks are mainly via ransomware, trying to extort money from vulnerable hospital trusts rather than individuals. European hospitals reported 2000 cyberattacks in 2021, according to data obtained by the BBC from NHS Digital, which oversees cyber security.

Oliver Farnan from the Oxford Cyber Security Centre said ransomware attacks had become more common and ‘The risk is going to increase’.

Given the specifics of the health sector, the data protection system should function as clearly and invisibly as possible in order not to distract hospital staff from their direct responsibilities and enable them to focus on providing the highest quality services to their patients.

Under the laws of most countries, the disclosure of information about a person's health is an invasion of privacy and is subject to administrative or even criminal prosecution. At the same time, healthcare institutions should keep archives of medical records of all patients, while ensuring an adequate level of protection of personal data. Under such operating conditions, the protection of information comes to the fore and requires a special approach.

A DLP system is able to quickly and efficiently control the available data. For example, SecureTower from Falcongaze will minimize the likelihood of both accidental and deliberate information leakage, and a friendly interface will allow even a non-specialist to fully use the system. The system will also instantly notify authorized persons about violations of the security policies established in the company.

For example, thanks to the use of SecureTower in the Endocrinology Clinic, it was possible to build an effective information security system, solve the issues of control over document circulation, and organize control over the work of employees. Especially during a pandemic, the work of SecureTower made a significant contribution to optimizing the clinic's work processes, and technical support specialists promptly helped in deploying the system.

The SecureTower DLP system

  • Data leak protection
  • Staff efficiency and loyalty monitoring
  • Identification of potentially dangerous employees (risk analysis)
  • Business communications archive maintenance