With the arrival of the COVID-19 pandemic, hackers rapidly evolved their tactics to exploit the fears escalating amongst the population. This has spurred the need to adopt cyber security best practices for keeping pace with evolving threats, especially in healthcare. Cyber criminals have reframed their phishing attempts to launch targeted cyber attacks by taking advantage of the COVID-19 fears.
Those working on the response have become prime targets. Even the World Health Organization (WHO) and the research firms developing treatments and vaccines for the coronavirus are being targeted. Moreover, as per Becker’s Hospital Review, data breaches cost the healthcare industry nearly $5.6 billion every year.
Major Cyber Attacks on the Healthcare Industry in 2020
It’s widely believed that in 2021 the healthcare industry will continue to be the most targeted industry by cyber criminals. Here are some major cyber attacks targeting the healthcare industry in 2020:
- The year 2020 witnessed the first fatality due to a ransomware attack, when a hospital in Germany was hit in September.
- The UK National Cyber Security Centre (NCSC) reported that APT29 targeted COVID-19 vaccine development.
- The Universal Health Services (UHS) health system suffered a ransomware attack across its 400 locations in September.
- Data allegedly stolen from five different healthcare entities was posted for sale on the dark web by the hacking groups behind the REvil, SunCrypt, NetWalker and Pysa (also known as Mespinoza) ransomware variants.
- UCSF paid a ransom of $1.14 million after the NetWalker ransomware affected multiple servers of its School of Medicine.
- In October 2020, DHS CISA issued a warning of an Emotet resurgence, problematic ransomware that has targeted 24% of the most prominent hospitals.
How to Protect Healthcare Institutions Against Vicious Cyber Attacks?
With the pandemic expected to continue into the foreseeable future, the healthcare industry is hounded by several cyber security issues. Cyber attacks on healthcare facilities can have consequences beyond breach of privacy and financial loss.
Therefore, it has become essential for these institutions to take the necessary precautions and get ahead of threats. Here are a few effective cyber security measures that can offer protection against the cyber threats plaguing the healthcare industry:
Enable Multi-Factor Authentication (MFA)
Implementing MFA on all applicable endpoints across the enterprise network is an effective way to eliminate some of the most disastrous vulnerabilities. According to a report by Microsoft, enabling MFA can block over 99.9% of all automated account compromise attacks. With billions of stolen credentials for sale, it has become extremely important to adopt MFA as a basic security protocol. This applies not just to the healthcare industry but everywhere.
Cyber criminals often exploit unpatched vulnerabilities in the IT infrastructure of their target organization to make their attacks succeed. Hence, it is imperative to make sure that all security patches are applied regularly. Overlooking even a minuscule vulnerability in your organization’s security framework can have severe ramifications. Conducting periodic Vulnerability Assessment and Penetration Testing can significantly help you find and fix weaknesses in your company’s IT infrastructure, mitigating the risk of suffering a cyber attack.
Educating your staff about cyber risks and the ways to mitigate them is one of the most effective ways of meeting the challenges posed by the current cyber threat landscape. If every individual on staff is vigilant enough, it will be difficult for the threat actors to find an opening for an attack. Organizations can use innovative cyber security awareness tools like ThreatCop to train employees in the art of avoiding cyber attacks.
Backup Storage and Restoration
The best way to minimize damage caused by a cyber attack is to employ backup, offline storage and restoration. This standard security practice is especially effective against ransomware attacks. If you are unable to prevent a cyber attack from hitting its mark in the first place, it is essential to have a plan, and the next best course of action is to ensure that you have a reliable offline storage and restoration option.
To summarize, cyber security in healthcare is not just about protecting an organization but also protecting those they serve. Consequently, it is extremely important for healthcare providers to enforce strict security policies and keep evolving them according to the changing cyber threat landscape.