Attacks Targeting the Healthcare Industry Grow Increasingly Severe

Healthcare providers are under enormous pressure to both deliver care and defend against cyberattacks. Last week, providers in the U.S. experienced an unprecedented level of attacks targeting healthcare systems. Hopefully, with investments being made, the healthcare industry takes the steps they must to improve their security defenses.

  • Healthcare providers are under enormous pressure to both deliver care and defend against cyberattacks.
  • Last week, providers in the U.S. experienced an unprecedented level of attacks targeting healthcare systems.
  • Hopefully, with investments being made, the healthcare industry takes the steps they must to improve their security defenses.

Healthcare providers around the world are under tremendous and increasing pressure. In many areas, novel coronavirus infections are rising again, and so are the cyberattacks that target the healthcare providers trying to treat those infections. These pressures follow numerous hard cybersecurity years for the industry. Yet, healthcare organizations are increasing their investment in new technology systems, such as connected medical devices, advanced telemetry, data analytics, and their reliance on cloud systems.

One of the most significant breaches of privacy imaginable

Still, the security of healthcare technology systems, overall, has been demonstrably lacking. The world recently witnessed one of the most significant privacy breaches that it seems unimaginable or at least part of a movie plot: the notes from psychotherapy sessions made public or threatened to be made public by blackmailers. But that’s reality and precisely what happened to hundreds, perhaps thousands, of therapy patients recently in Finland.

According to this Associated Press story, the breach occurred at the Vastaamo psychotherapy center, a subcontractor for Finland’s public health system. Vastaamo said its client register with intimate patient information was likely stolen during two attacks that started almost two years ago,” the Associated Press reported. “The first incursion probably took place in November 2018, and “it is likely that our (data) systems were penetrated also between the end of November 2018 and March 2019,” Vastaamo said in a statement.

Silicon.co.uk reported Vastaamo as saying that the criminals published at least 300 patient records containing names and contact information using the anonymous Tor communication software. “The blackmailer has started to approach victims of the security breach directly with extortion letters.”

It’s reported that the patients received emails with a demand for €200 in bitcoin, or their therapy notes would be made public.

One of the most widespread attacks against healthcare providers ever

Late last week, a joint cybersecurity advisory was issued by the U.S.’s Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS). The agencies are warning about malicious actors targeting the public health sector with the Ryuk ransomware using TrickBot malware, purportedly for financial gain. The attacks come just as cases of the novel coronavirus begin to rise again throughout the U.S.

“CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers. CISA, FBI, and HHS are sharing this information to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats,” the advisory reads.

The advisory warns that “malicious cyber actors are targeting the HPH Sector with Trickbot malware, often leading to ransomware attacks, data theft, and the disruption of healthcare services. These issues will be particularly challenging for organizations within the COVID-19 pandemic; therefore, administrators will need to balance this risk when determining their cybersecurity investments.”

You can read the full advisory, including a history of Ryuk and steps for mitigation, here.

According to this Reuters’ story, Building wave of ransomware attacks strike U.S. hospitals, sources told the reporters that the FBI is investigating such attacks in California, New York, and Oregon.

“A doctor at one hospital told Reuters that the facility was functioning on paper after an attack and unable to transfer patients because the nearest alternative was an hour away. The doctor declined to be named because staff were not authorized to speak with reporters,” Reuters reported.

Attacks on hospitals continued. In late September, what was dubbed one of the most severe cyber-attack on a U.S. healthcare facility ever occurred against United Health Services. United Health Services, which has beds and facilities in the U.S. and U.K., suffered an attack that knocked its company-wide networks offline.

No slowdown on healthcare systems during the pandemic

Attacks on healthcare and medical-related facilities seemed to have increased during the pandemic. As Silviu Stahie reported, a study covering 2,391 IT and I.T. security practitioners from the United States, the United Kingdom, Germany, Austria, Switzerland, Benelux, and Scandinavia found “a worrying number of organizations in this field have been targeted over the years, much more than we might suspect” — about two-thirds of healthcare organizations have suffered a security incident.

In my post from January of this year, Black Book Market Research found a much higher percentage of healthcare organizations breached — 93% — and calculated that U.S. healthcare breaches cost that industry $4 billion in 2019. It’ll be a surprise to me if that number isn’t surprised in 2020.

They haven’t all been in the U.S. In mid-2018, attackers breached the Singapore government’s health database. About 1.5 million patients had their data accessed. “The data taken include name, NRIC number, address, gender, race, and date of birth. Information on the outpatient dispensed medicines of about 160,000 of these patients was also exfiltrated. The records were not tampered with, i.e., no records were amended or deleted. No other patient records, such as diagnosis, test results, or doctors’ notes, were breached. We have not found evidence of a similar breach in the other public healthcare I.T. systems,” the Singapore Ministry of Health said in a statement.

In response to the onslaught of attacks, according to Cybersecurity Ventures, the healthcare industry will invest about $65 billion in total cybersecurity spending from 2017 to 2021. With any luck, they spend it well.

Indeed, the Covid-19 pandemic has made the situation more difficult for healthcare providers, and there have been record levels of attacks, data breaches, and impact on care in the industry. But with the investments being made around the world, and the updating of healthcare technology systems, the sector is hopefully taking better steps to secure their networks and build systems that are securable over the long term and take the steps they should have taken at least a decade ago.