Surge in cyber-attacks on healthcare organisations amidst the COVID-19 pandemic. Here we share some pointers on spotting a phishing scam.
More than two years after the infamous WannaCry ransomware crippled medical facilities and other organizations worldwide, the healthcare sector seems to be learning its lesson: the number of attacked medical devices (doctors' computers, medical servers and equipment) decreased globally in 2019. Our statistics showed that the share of computers and devices in medical organizations that were infected dropped from 30% in 2017 to 28% in 2018, and we have detected almost a third fewer attacks in the current year (19%).

As much as we want to believe everybody has woken up to the dangers of attacks like WannaCry, we still witnessed a number of ransomware attacks against healthcare facilities in several countries. There are two key reasons for such cyberattacks: a lack of attention to the risks of digitalization and a lack of cybersecurity awareness among staff at medical facilities.

Our conclusions about the human factor in cybersecurity are drawn from survey results. Kaspersky conducted a survey among healthcare sector employees in the US and Canada, which revealed that nearly a third of all respondents (32%) had never received any cybersecurity training from their workplace. One in 10 employees in management positions also admitted that they were unaware of a cybersecurity policy in their organization.

Another serious issue is the lack of proper security standards implemented in medical IoT devices. Throughout the year, security researchers identified a number of vulnerabilities in different medical equipment. Hopefully, drawing attention to this subject will make manufacturers collaborate with the security community and contribute more to the creation of a safer environment in the world of smart medicine.