The number of cyber-attacks around the world exploded in 2020: exploiting the Covid-19 pandemic as an opportunity for cybercriminals to take advantage of the shift in focus towards smart working and hospital staff transferred to the frontline.
This Kaspersky Security Bulletin 2019 reports on a decrease in the number of cyber-attacks in healthcare organisations, possibly in the wake of lessons learned from the Wannacry ransomware attacks. However, its forecasts for 2020 make interesting reading, highlighting increasing risks for the sector.
#1: Growing interest in medical records on the dark web. Kaspersky research reveals that medical records can sometimes be more expensive than credit cards in underground forums. In turn, this increases the potential for new methods of fraud by malicious actors armed with someone's medical details to scam the patient or her/his relatives.
#2: Risk ot theft or record modifications through internal access to patient data. This could be the first step towards attacks on individuals to mess up diagnostics, where mistakes are the number one reason for patient deaths in the medical field according to statistics, even beating mistakes by under- or poorly-qualified medical staff.
#3: Significant growth in attacks on medical facility devices in countries embarking upon healthcare digitisation. Kaspersky predicts the emergence of targeted ransomware attacks against hospitals in developing countries.
Related to this, is the additional risk of losing access to internal data, e.g. patient records or internal resources, e.g. connected medical equipment inside a hospital, which can prevent patient diagnostics and even disrupt emergency support.
#4: Increasing attacks attacks against medical research institutes and pharmaceutical companies conducting innovative research. In 2020, it is expected that intellectual property theft will target highly specialised and expensive medical research.
#5: Security vulnerabilities in implanted devices are an emerging target for cyber-attacks. While no attacks on implanted medica devices, e.g. neuro-simulators were identified by Kaspersky, centralised networks of wearable and implanted medical devices (e.g. cardio simulators) are widening the threat surface in the healthcare sector, a single point of entry to attack all patients using such devices.
PANACEA Research perspectives: PANACEA is continuously monitoring the cyber threat landscape in healthcare as it evolves over time. Examples of insights shared with the sector and the cybersecurity community include the webinar co-hosted with cyberwatching.eu - Cyber security for Healthcare: Human and Legal Perspectives in September 2019.
Lookout Watch entry date: 31/01/2020