Businesses & Healthcare facing increased risk of sophisticated cyberattacks
The number of ransomware attacks has grown significantly.....
The computer systems at Universal Health Services, which runs approximately 400 hospitals and care centres across the United States and the United Kingdom, recently experienced a massive ransomware attack, making it one of the largest medical cyberattacks in US history.
The number of ransomware attacks has grown significantly over the past few months, as cybercriminals look to cash in on security vulnerabilities emerging as a result of increased remote work practices.
The golden age of ransomware attacks
In early April, near the start of the global pandemic, INTERPOL warned that it had detected a significant increase in ransomware attacks against hospitals and medical services engaged in the virus response.
The following month, Fresenius, Europe’s largest private hospital operator that employs nearly 300,000 people across more than 100 countries, was hit with a ransomware attack on its technology systems. Hackers reportedly utilized the Snake ransomware to attack Fresenius. In September, police in Germany launched a homicide investigation after the death of a woman who was transferred to another hospital following a ransomware attack.
Meanwhile, the World Health Organization (WHO) revealed that it was experiencing double the usual number of cyberattacks against its systems, including hackers running malicious sites impersonating the WHO’s internal email system.
Ransomware is a type of malicious software that spreads across computer networks, encrypting files and demanding payment for a key to decrypt them. It’s become a common tactic for hackers, though attacks of this scale against medical facilities aren’t common.
“Not only has the number of ransomware attacks increased, but ransomware itself has evolved, with some of the most popular forms disappearing and new forms emerging. In some cases, these are even more disruptive and damaging,” says Juta Gurinaviciute, Chief Technology Officer at NordVPN Teams.
Putting patients’ safety at risk
A computer virus could put people in serious danger if the target is a healthcare facility. Experts say old machines and outdated software at hospitals have contributed to the spread of ransomware. If the situation doesn’t improve, it could put patients’ safety into further jeopardy.
“The consequences can be grave. If an attack happens in the middle of a surgery, whatever machines are being used could go down, forcing medical staff to fall back on manual methods,” comments the NordVPN Teams expert. ‘“MRI machines, ventilators, and some types of microscopes — are computers too. Just like our laptops, those computers come with software that the developers have to support. When the machines become old and outdated, the people who made them might stop supporting them. That means that old software can become vulnerable to attacks.”
In many cases, hackers threaten to leak the data they’ve stolen if the victim doesn’t pay a ransom — something that might strike fear and pressure victims to give into the extortion demands.
Patient records can sell for up to $1,000 on the black market due to the amount of information found in the documents, including date of birth, credit card information, Social Security number, address and email. Social Security numbers can be purchased for as little as $1, and credit card information sells for up to $110.
Therefore, there should be a two-pronged approach — one that allows the organization to protect everything and also achieve HIPAA compliance. Attacks don’t just expose data, but also open the organization up to HIPAA and GDPR violations and fines, according to a global research and advisory firm Gartner.
As governments around the world attempt to address the public health crisis and contain the spread of COVID-19, there’s a big chance that criminals will continue to exploit this chaos, triggering subsequent spikes in cyberattacks against healthcare institutions. According to Ms. Gurinaviciute, healthcare organizations, especially those that run outdated technology, should expect these kinds of attacks to continue happening around the globe.
7 steps to protect organization’s data
Cybersecurity doesn’t concern large hospitals or medical institutions exclusively, and general precautions should be taken in the medical industry regardless of institution size. NordVPN Teams experts suggest starting with the following:
- Updates. Ensuring security patches are applied as soon as possible helps prevent hackers from exploiting known vulnerabilities that help them gain a foothold in the network.
- Multi-factor authentication. Multi-factor authentication across the ecosystem can prevent hackers from moving across the network and gaining additional controls.
- Regular backups. Organizations should also regularly back up their systems, as well as test those backups on a regular basis as part of a recovery plan. If the worst happens and ransomware does infiltrate the network, there’s a known method of restoring it without the need to pay ransom to cybercriminals.
- Audits. Hospitals should conduct regular audits of their machines and segment their networks, so if one piece of the network is compromised, it doesn’t spread throughout the entire system.
- Remote access. Only secure virtual private network (VPN) connectivity should be allowed for remote access. In addition, only whitelisted IP addresses or device IDs should be allowed to access systems, as this will allow access to authorized users only.
- Treat every email with zero trust. Because of the remote work environment, the amount of information exchanged over the internet through virtual conferences and emails has skyrocketed. Establish a process that enables employees to report anything suspicious, and share regular updates and information about phishing emails.
- Security training. General security policies need to be drawn up and implemented, and staff have to be appropriately trained ad-hoc, whether remotely or in person.
For more information visit: nordvpnteams.com
For more Technology & Business news follow i-invest Online.
- UK ranks second in G7 economies for economic impact of entrepreneurship
The beta launch of the Shopify Entrepreneurship Index shows that British entrepreneurs generated over £28 billion worth of business activity in 2022. According to the index, entrepreneurs on Shopify in the UK grew their exports by 8% in the last year – valued at over… - How businesses can futureproof their AI strategies
Getting ahead of the UK Government’s AI whitepaper On the 29th March 2023, the UK Government released its plans to balance AI risks with innovation, taking its first step to harnessing the true potential of the technology. The AI regulation whitepaper follows growing concerns around the… - The trading partner you can trust
Whether you’re just starting out, or moving to the next level, award-winning broker FairMarkets provides a safe, fair, and transparent trading environment Offering a whole range of products available across the biggest financial markets, including CFDs on forex, commodities, indices, stocks, and cryptocurrencies, FairMarkets International… - How much should my outsourced IT service cost?
When looking for the best IT service provider, weigh up your requirements and remember, you get what you pay for, says Tim Downs, Director of Bitwise-IT A question I get asked a lot is, how much does a managed IT service cost? The answer is of course,… - Unlocking Britain’s digital potential
With the UK ready to bet on burgeoning technologies such as AI, 5G, and IoT tools, a solid digital infrastructure has never been more important, says Finbarr Toesland Hardly a month goes by without the news of a new technological development that is heralded to be…