In their recently published security bulletin, Kaspersky predicts that next year will see an increase in attacks against the fields of medicine and pharmaceuticals. This will force healthcare organisations across the world to contribute to security much more, especially in the UK, which is among the first countries in the world to have just started vaccinations.
According to Kaspersky, interest in medical research has increased not just among regular people but also among cybercriminals. The main reason for this is of course the development of the COVID-19 vaccine and the incredibly high value of any data related to it.
2020 has seen various levels of attacks take place that are related to healthcare, from e-mails with malicious attachments all the way to phishing and targeted attacks. The attackers forged statements and documents from medical institutions, including the WHO, and sent out baseless promises of medicines and vaccines to deceive users.
At the beginning of the pandemic, a hospital in the Czech Republic, which was one of the country’s biggest COVID-19 testing facilities, was attacked. 2020 also brought along the first confirmed case where a patient died because a hospital’s medical equipment was infected with malware. However, this was not a standalone case – 10% of all ransomware attacks from January until September were directed towards hospitals and other medical facilities. In October alone, over 20 US hospitals were attacked in relation to extensive Ryuk and other targeted ransomware campaigns.
But attacks will not go without a response, and so cybersecurity companies joined forces to create CTI League – the first global volunteer emergency response community. The goal of CTI League is to help medical organisations react adequately to cyber incidents. And this help is much needed, as every incident may endanger people’s lives and bring about huge costs. For example, IBM’s Cost of Data Breach 2020 report found that a data breach in a healthcare organisation cost the company 7.13 million dollars per incident on average. That is 10% more than the previous year and the highest average cost when compared to other sectors. Additionally, in their recently published survey results, Black Book Market Research found that 73% of healthcare organisations are not well-prepared for cyberattacks.
According to Klemens Arro, the CEO of ADM Cloudtech, cybersecurity can no longer be viewed as secondary when analysing the trends and statistics related to cyberattacks: “It must be an inseparable part of every system and process, but the healthcare sector, where technology and its security are more than critically important, has become a huge target due to the pandemic. We have seen a significant increase in attacks in this sector over the course of this year and various estimates show an even bigger increase next year.”
Arro says that we should also keep in mind that the increase in attacks is not just a result of the spreading virus. “If we leave the virus aside for a moment, then healthcare will still be a very tempting target for attackers in the future as well. On the one hand, healthcare organisations have huge amounts of sensitive data and on the other, a malware attack against a hospital which disrupts its work could bring about dire consequences,” Arro said, also adding that all organisations, but especially IT companies that offer infrastructure and data management services and healthcare organisations, must make visible efforts to show that they are taking the statistics and predictions stemming from the increasing number of attacks seriously and that they are preparing to handle any attacks.
Kaspersky predicts that in 2021, attacks against the developers of the COVID-19 vaccine and medicines, as well as attempts to steal sensitive data from them, will increase. The world is not just fighting a pandemic but is also a witness to the competition between pharmaceutical firms, where a significant breakthrough will likely mean targeted attacks against the company responsible.
- In countries that have well-developed national healthcare systems, private sector medical organisations are more likely targets for attacks. Most of them are small or medium-sized enterprises. Protecting patient data and infrastructure is quite costly, which means that for small and medium-sized enterprises, implementing either or both is generally difficult, let alone during an economic crisis.
- Healthcare-related cyberattacks will be used in geopolitical negotiations to gain an advantage.
- Next year could bring along an increase in patient data breaches in cloud services. This prediction is based on two things. First, although cloud services are the most secure option both for healthcare organisations and for any other organisations that are responsible for managing delicate data, the security of the cloud can only be assured if it has been set up correctly and if the service is being used properly and in a secure manner. Second, it is likely that criminal interest in users’ health data will increase, which will also bring about more attacks. You can read more about what you should pay the most attention to in order to ensure secure use of cloud services and how to best protect your healthcare organisation here.
- Healthcare-related attacks will remain an active issue until at least the end of the pandemic. That is because the human factor is one of the most important components of most attacks and there will continue to be interest in new regulations and restrictions, potential treatments, and the health of patients. Leaked medical documents will be used in targeted attacks since detailed patient data will help make forged messages more trustworthy and credible.
- The focus on the digital security of hospitals allows us to hope that in 2021, cybersecurity and healthcare will join forces. Earlier experiences have shown that painful lessons such as the WannaCry epidemic in 2017 and the coronavirus pandemic in 2020 are precisely the types of events that result in an increased interest in the security of infrastructure.