Cybersecurity and Healthcare

When one speaks about the scope of technology, we simply cannot ignore the fruits it has brought to modern medicine. Telehealth and electronic patient/ health record are the latest gizmos circling in the market. With all that’s happening around us, it’s simply no surprise that innovation is guiding healthcare into a more secure tomorrow.

However, despite such positive rates of digital transformation, the sector is vastly exposed to an array of systematic risks. Although this is much accounted for due to the movement of information to virtual and cloud systems, it is still a source of worry.

What’s an even larger source of concern is that is that is not something new. Healthcare systems have been facing security lapses since many years in fact, ever since the industry become increasingly integrated with sophisticated technology adoption.

The advent of pandemic is bound to stir this inherently disturbing activity even more so as more and more industries become forced to shift operations to the cloud.

For example this December, third-party vendor, Dental Care Alliance recently begin notifying hundreds of its clients that a near monthlong system hack potentially breached the protected health information and payment card numbers of 1 million patients. This breach is roughly the second-largest incident in the healthcare sector in 2020 alone, with the Blackbaud ransomware attack leading it.

The reason behind such attacks is astonishing to a few, but the reason cybercriminals are increasingly going after hospital data is because healthcare records are worth more on the market than social security numbers and even credit card information.

A report conducted by Wandera analyzed a subset of healthcare organization’s data base, which included tens of thousands of users such as hospital workers, hospice care providers and medical equipment manufactures. The report categorized the most high security threats to the industry and the percentage of healthcare organizations affected by each one.

1)    Malicious network traffic

Trojan malware attacks targeting hospitals and the healthcare industry have risen significantly during the course of the year and 72% of healthcare organizations are affected by them. The State of Healthcare Cybersecurity conducted by Malwarebytes state that 2019 saw a 60% increase in trojan malware.

There are two reasons as to why trojan malware is the most responsible for cybercrime in healthcare, which are Emotet and Trickbot.

Emotet is a prolific form of malware that started life as a banking trojan and now also serves as a backdoor into a variety of networks.

Trickbot is the other most common form of trojan malware targeting the health sector. Trickbot first emerged in 2016 and can be used as a gateway to deliver other malicious payloads.

Ransomware has thus targeted hospital networks to a vast degree and most organizations often become helpless in these situations as if they don’t pay the ransom, the attack directly impacts patient care.

2)    Phishing

A growing body of evidence suggests employees throughout the healthcare sector may be uniquely vulnerable to phishing attacks. There are strong numbers to support this- 56% of organizations in the health care sector experience phishing at varying levels of degree.

The pharmaceutical industry worth $1.2 trillion ranks among those hardest hit by email attacks. Cybercriminals can use lateral phishing attacks to steal IP on research and medicines worth billions. Health insurers are barraged with attacks seeking to steal valuable patient data. A study conducted from Brigham and Women’s Hospital in Boston showcased that employees at six geographically dispersed US healthcare institutions clicked 14.2% of the 2.9 million phishing emails that were launched between August 2011 to April 2018.

There are two main reasons as to why healthcare employees are susceptible to healthcare attacks.

-Rapidly Escalating Attack Volumes: Phishing attempts that successfully bypass security by foregoing malware are increasing at rates as much as 25%.

For example, a Chinese hacker indicated for a phishing attack enabled data breach St. Anthem Blue Cross got away with as many as 80 million patient medical records that is potentially worth billions.

-Sophisticated social engineering tactics: Cybercriminal organizations can now produce highly personalized emails designed to induce stress, pique curiosity and appeal to personal vanity. According to Verizon’s 2019 Data Breach investigations report, 25% of healthcare organizations suffered a mobile-related breach in the past year, with 67% characterized as “major”.

3)    Vulnerable OS

The VxWorks OS is vulnerable to remote takeover and affects 48% of all healthcare organizations. It’s the operating system that runs the elevator, the HVAC system, medical equipment and even the router that connects everything else in a hospital to the outside world.

Recently, researched at Armis have discovered 11 vulnerabilities in the operating system, six of them being critical that can affect the Wind River VxWorks previous versions. Six of the 11 vulnerabilities are remote code execution vulnerabilities. Other vulnerabilities include denial of service vulnerabilities.

Successful exploitation of these could lead to leakage of information, denial of service and logical flaws. Moreover, they can be exploited by an unauthenticated remote attacker.