What Clinicians Need to Know About Mounting Healthcare Cyberattacks

Alongside the increase in telemedicine use there has been a corresponding rise in ransomware attacks and other cybercriminal activity directly targeting healthcare organizations. In October 2020, the FBI and U.S. Department of Health and Human Services issued an alert regarding hackers which are increasingly using “RYUK” ransomware to target hospital systems during the second wave of the COVID-19 pandemic. The costs of such attacks can be very high; the agencies estimate that ransomware attacks have been responsible for loses of at least $61 million in the United States between 2018 and 2019.

With the increase in cybercrime there has been an increase in ransomware attacks specifically, with over 20 medical facilities recently affected. Since 2016, ransomware attacks have cost the U.S. healthcare system a minimum of $160 million, according to research by Comparitech. In September of this year, University Health Services which encompass over 400 facilities across the United States and United Kingdom experienced a “RYUK” attack which forced them to take 250 facilities offline. No patients were harmed; however, employee communications were severely hampered.

Why Is This Happening?

While healthcare systems have been working on strengthening their defenses against such offenses, IT security remains a significant concern as cybercriminals continue to infiltrate secure databases via healthcare workers who may fall victim to sophisticated spear-phishing attacks. These can come in the form of targeted fraudulent emails, such as spoofs of a boss’ email address or messages sharing illegitimate COVID-19 information.

Hospitals and healthcare organizations also trail in security measures compared with other sectors; healthcare systems spend approximately 4% to 7% of their IT budgets on security, compared with 15% in other sectors. Furthermore, hackers can attack patients directly by hacking into medical devices and altering patient data although this is less likely than shutting down entire hospital systems. Notably, patients are rarely aware of the potential for cybersecurity concerns and may be easier victims.

Cybercriminals target healthcare systems often due to the ease of obtaining data as well as its inherent value; often files include information such as Social Security numbers that can be sold for large sums on the dark web. Further, ransomware attacks are extremely profitable. During an attack, hackers are able to infect and shut down a hospital’s entire IT system making data impossible to read and completely shutting down communication systems, allowing them to demand a ransom before returning systems to normal.

What Does It Look Like?

The switch to virtual care has opened potential access points for criminals, such as personal devices and home networks, which allow hackers to access healthcare system networks by way of other, less secure devices. As a result of out-of-date security, weak passwords, unsecured WIFI networks, and routers, criminals can now more easily sneak into healthcare IT frameworks.

Currently, phishing is the preferred method of hacking as it relies on human error, which has been spurred by pandemic exhaustion; according to the 2019 Healthcare Information and Management Systems Society (HIMSS) Cybersecurity Survey phishing was associated with 69% of security incidents at hospitals in the last year.

Today’s phishing attacks are increasingly sophisticated often using personalized messages or impersonating members of hospital executive teams to get users to click on links, input passwords, or wire money to bank accounts. Sometimes these attacks come from users masquerading as legitimate vendors or foundations.

“In a 2019 survey of email fraud attacks against 450 healthcare organizations, Proofpoint found that targeted healthcare companies received 43 imposter emails in the first quarter of 2019, up 300% over the same quarter in 2018,” according to an article published by MedPage Today. “Within affected healthcare companies, 65 people were targeted by spoof email, and 95% of those companies saw emails spoofing their own domains.”

Reportedly, the most commonly found subject lines of attack emails included “payment”, “request”, “urgent” and related terms in 55% of all attacks, while 77% of attacks on healthcare companies used malicious URLs.

Most likely to attract hacker attention and be attacked are the people with access to critical data, those with a publicly available email, as well as those who are popular in their field. Although, it is important to remember that employees of all ranks can be targeted by phishing campaigns and ransomware attacks.

How to Prevent Cybercrime?

The best line of defense against cybercrime is education and awareness; it is important to inform and prepare for cyber-attacks by knowing what they can look like, what content to be cautious with, and how to protect yourself as well as patient data. For instance, a common practice is the organization of fake phishing campaigns to test healthcare professionals internally. Such fake campaigns can caution IT experts and administrators about users that are most likely to fall victim to real cyber-attacks when they occur.

It is also helpful to be aware of trends in cybercrime. For instance, COVID-19 hacking has grown in popularity and relates to phishing attacks that target healthcare professionals with timely pandemic-related content. In the beginning of the pandemic, cybercriminals sent out links about COVID protocols from falsified World Health Organization addresses; subsequently, they began posing as vendors of personal protective equipment, selling face masks and shields. Now, fake vaccine information emails are increasingly being circulated.

On a larger scale, investing more heavily in IT security to protect patient data and keep healthcare systems running smoothly during such a tumultuous and demanding time is paramount for hospitals and organizations. Meanwhile, on an individual level, practitioners are encouraged to familiarize themselves with telehealth cybersecurity best practices and remain vigilant about potential threats online.