Researchers at internationally renowned cyber-security vendor, Check Point have reported a surge in cyber-attacks targeting healthcare organisations across the globe.
Since the beginning of November 2020, researchers have documented a 45% increase in cyber-attacks targeting healthcare organisations worldwide, placing the healthcare sector at the top of the hit list for cyber criminals, when compared to all other industries.
Surge in cyber-attacks on the healthcare sector
The surge in cyber-attacks on the healthcare sector was double the increase in cyber-attacks on all other industries during the same time period, as researchers marked only a 22% increase in attacks on all other sectors outside of healthcare.
The increase in cyber-attacks involves a range of attack vectors, including ransomware, botnets, remote code execution and DDoS attacks. Ransomware showed the largest increase and poses as the most significant malware threat to healthcare organisations, when compared to other industry sectors.
Cyber-attacks in global regions
Cyber-attacks on the global healthcare sector are simply getting out of control"
The surges in cyber-attacks on healthcare organisations occurred mostly in Central Europe (+145%), followed by East Asia (+137%), Latin America (+112%), Europe (67%) and North America (37%). As for specific countries, Canada experienced the most dramatic increase with over a 250% uptick in attacks, followed by Germany with a 220% increase. Spain saw a doubling in ransomware attacks on its healthcare sector.
Omer Dembinsky, Manager of data intelligence at Check Point said, “Cyber-attacks on the global healthcare sector are simply getting out of control. This is because targeting hospitals equates to fast money for cyber criminals. These criminals view hospitals as being more willing to meet their demands and actually pay ransoms. Hospitals are completely overwhelmed with rises in coronavirus (COVID-19) patients and recent vaccine programs, so any interruption in hospital operations would be catastrophic.”
Rise in ransomware attacks
Omer adds, “This past year, a number of hospital networks across the globe were successfully hit with ransomware attacks, making cyber criminals hungry for more. Furthermore, the usage of Ryuk ransomware emphasizes the trend of having more targeted and tailored ransomware attacks rather than using a massive spam campaign, which allows the attackers to make sure they hit the most critical parts of the organisation and have a higher chance of getting their ransom paid.”
Security tips for healthcare organisations to counter cyber-attacks:
- Look for Trojans – Ransomware attacks don’t start with ransomware. Ryuk and other types of ransomware exploits usually start with an initial infection with a Trojan. Often this Trojan infection occurs days or weeks before the ransomware attack starts, so security professionals should look out for Trickbot, Emotet, Dridex and Cobalt Strike infections within their networks and remove them using threat hunting solutions, as these can all open the door for Ryuk ransomware attacks.
- Raising guard on weekends and holidays – Most ransomware attacks over the past year have taken place over the weekends and during holidays, when IT and security staff are less likely to be working.
- Use anti-ransomware solutions – Although ransomware attacks are sophisticated, anti-ransomware solutions with a remediation feature are effective tools that enable organisations to revert back to normal operations in just a few minutes, if an infection takes place.
- Educate employees about malicious emails – Training users on how to identify and avoid potential ransomware attacks is crucial. As many of the current cyber-attacks start with a targeted phishing email that does not even contain malware, just a socially-engineered message that encourages the user to click on a malicious link, or to supply specific details. User education to help identify these types of malicious emails is often considered one of the most important defenses an organisation can deploy.
- Patch virtually – The federal recommendation is to patch old versions of software or systems, which could be impossible for hospitals as in many cases, systems cannot be patched. Therefore, it is recommended using Intrusion Prevention System (IPS) with virtual patching capability to prevent attempts to exploit weaknesses in vulnerable systems or applications. An updated IPS helps organisations stay protected.