The Australian Cyber Security Centre (ACSC) recently reported a significant increase in malicious activity targeting the health and aged care sector. Ransomware is noted as the primary threat vector used for these attacks, and the industry has been warned to back up their critical data and information systems, as well as refuse ransom demands.
Cybercriminals have long seen the healthcare industry as a lucrative target because of the nature of its work. The OAIC’s Notifiable Data Breaches (NDB) Report January-June 2020 notes that health has been the highest reporting sector since the beginning of the NDB scheme, accounting for 22% of all breaches this period. Malware and ransomware are among the main sources of breaches – accounting for approximately 20% collectively – and ransomware has reportedly increased by 150% compared to the previous period. These are worrying statistics when you consider that medical databases store vast amounts of health information critical to patients’ physical and psychological well-being. Moreover, 26% of breaches involved the compromise of health information, which, unlike contact information, cannot be changed.
When an individual’s medical history is stolen, the ramifications go beyond financial loss and breach of privacy: the data can be used in insurance scams and can make the victim’s access to necessary treatment very difficult. In some situations, the effects can be life-threatening.
Alongside their responsibility for handling health information and life-critical operations, these institutions are continuously trying to improve patient care and management through technological advancement. Cyber-adversaries aim to halt critical operations, steal data and gain financially by exploiting any vulnerabilities that arise from digital transformation or from an internal lack of security knowledge.
Top Threats to the Industry
The ACSC’s recent advisory warns health care providers about ‘Maze’ ransomware; however, there are many threat vectors that cybercriminals use to target this industry. We have outlined ransomware and other threats to the sector below.
Security incidents are not uncommon events, but there is reason to remain calm. It is important to know the risks specific to your industry and, moreover, how to combat them. If you have any queries or concerns about securing your institution, please contact our cybersecurity professionals.
The threats below do not always result in data breaches, but any malware infection, business email compromise or insider attack can certainly lead to one. As previously noted, health is the most breached industry because health information is so sought after by financially driven criminals. It is recommended to encrypt and back up data.
Ransomware
This is a type of malware that encrypts files and renders devices inoperable, making patient management and care operations a difficult task. It does not require a high level of skill to deploy and typically infects devices via phishing emails containing malicious attachments or links. It is recommended to implement email gateway security and educate users on email security best practices.
Spear Phishing and Business Email Compromise (BEC)
The NDB Report January-June 2020 notes that a majority of breaches were linked to malicious actors gaining access to accounts, either via phishing attacks (36%) or by using compromised account details (25%). Spear phishing or BEC exploits employee trust using a scam email that appears to come from a trustworthy executive account. The cybercriminal often requests a monetary transfer or increased access within the network. Like ransomware, this can typically be combated with email security technology and heightened user awareness.
Distributed Denial-of-Service (DDoS) Attacks
DDoS attacks overwhelm the network and cause critical services to be disrupted or halted. These attacks are often motivated by political or ideological beliefs and, like ransomware campaigns, are typically easy to deploy as a service. In some situations, DDoS attacks can make patient care impossible because they hinder access to important records. We have covered recommendations in a previous blog post.
Malicious Insiders
Employees or other users whose interests run counter to those of the healthcare provider pose a great risk to the integrity and confidentiality of valued information and systems. These internal actors are particularly dangerous because they are not subject to the same security controls as outsider threats: they already have access to systems and can gain increased access more readily than external individuals. In conjunction with heightened access control, security awareness training can mitigate the risk posed by malicious insiders by increasing other users’ ability to detect and report suspicious or anomalous behaviour.
A Lack of Security Awareness
When users are not educated on security best practices, they are less likely to follow security policy and behave in a secure manner. This means your organisation may be more susceptible to the external threats above, because your users, the last line of defence, become a source of threat exposure. Security awareness works in conjunction with technical investments to bolster your defences.