Security breach concept - internet cyber-attack alert with red broken padlock icon showing unsecured data

Businesses & Healthcare facing increased risk of sophisticated cyberattacks

The number of ransomware attacks has grown significantly.....

The computer systems at Universal Health Services, which runs approximately 400 hospitals and care centres across the United States and the United Kingdom, recently experienced a massive ransomware attack, making it one of the largest medical cyberattacks in US history. 

The number of ransomware attacks has grown significantly over the past few months, as cybercriminals look to cash in on security vulnerabilities emerging as a result of increased remote work practices. 

The golden age of ransomware attacks 
In early April, near the start of the global pandemic, INTERPOL warned that it had detected a significant increase in ransomware attacks against hospitals and medical services engaged in the virus response. 
The following month, Fresenius, Europe’s largest private hospital operator that employs nearly 300,000 people across more than 100 countries, was hit with a ransomware attack on its technology systems. Hackers reportedly utilized the Snake ransomware to attack Fresenius. In September, police in Germany launched a homicide investigation after the death of a woman who was transferred to another hospital following a ransomware attack. 
Meanwhile, the World Health Organization (WHO) revealed that it was experiencing double the usual number of cyberattacks against its systems, including hackers running malicious sites impersonating the WHO’s internal email system. 
Ransomware is a type of malicious software that spreads across computer networks, encrypting files and demanding payment for a key to decrypt them. It’s become a common tactic for hackers, though attacks of this scale against medical facilities aren’t common. 
“Not only has the number of ransomware attacks increased, but ransomware itself has evolved, with some of the most popular forms disappearing and new forms emerging. In some cases, these are even more disruptive and damaging,” says Juta Gurinaviciute, Chief Technology Officer at NordVPN Teams. 

Putting patients’ safety at risk 

A computer virus could put people in serious danger if the target is a healthcare facility. Experts say old machines and outdated software at hospitals have contributed to the spread of ransomware. If the situation doesn’t improve, it could put patients’ safety into further jeopardy. 
“The consequences can be grave. If an attack happens in the middle of a surgery, whatever machines are being used could go down, forcing medical staff to fall back on manual methods,” comments the NordVPN Teams expert. ‘“MRI machines, ventilators, and some types of microscopes — are computers too. Just like our laptops, those computers come with software that the developers have to support. When the machines become old and outdated, the people who made them might stop supporting them. That means that old software can become vulnerable to attacks.” 
In many cases, hackers threaten to leak the data they’ve stolen if the victim doesn’t pay a ransom — something that might strike fear and pressure victims to give into the extortion demands. 
Patient records can sell for up to $1,000 on the black market due to the amount of information found in the documents, including date of birth, credit card information, Social Security number, address and email. Social Security numbers can be purchased for as little as $1, and credit card information sells for up to $110. 
Therefore, there should be a two-pronged approach — one that allows the organization to protect everything and also achieve HIPAA compliance. Attacks don’t just expose data, but also open the organization up to HIPAA and GDPR violations and fines, according to a global research and advisory firm Gartner. 
As governments around the world attempt to address the public health crisis and contain the spread of COVID-19, there’s a big chance that criminals will continue to exploit this chaos, triggering subsequent spikes in cyberattacks against healthcare institutions. According to Ms. Gurinaviciute, healthcare organizations, especially those that run outdated technology, should expect these kinds of attacks to continue happening around the globe.  

7 steps to protect organization’s data 
Cybersecurity doesn’t concern large hospitals or medical institutions exclusively, and general precautions should be taken in the medical industry regardless of institution size. NordVPN Teams experts suggest starting with the following: 

  1. Updates. Ensuring security patches are applied as soon as possible helps prevent hackers from exploiting known vulnerabilities that help them gain a foothold in the network. 
  2. Multi-factor authentication. Multi-factor authentication across the ecosystem can prevent hackers from moving across the network and gaining additional controls. 
  3. Regular backups. Organizations should also regularly back up their systems, as well as test those backups on a regular basis as part of a recovery plan. If the worst happens and ransomware does infiltrate the network, there’s a known method of restoring it without the need to pay ransom to cybercriminals. 
  4. Audits. Hospitals should conduct regular audits of their machines and segment their networks, so if one piece of the network is compromised, it doesn’t spread throughout the entire system. 
  5. Remote access. Only secure virtual private network (VPN) connectivity should be allowed for remote access. In addition, only whitelisted IP addresses or device IDs should be allowed to access systems, as this will allow access to authorized users only. 
  6. Treat every email with zero trust. Because of the remote work environment, the amount of information exchanged over the internet through virtual conferences and emails has skyrocketed. Establish a process that enables employees to report anything suspicious, and share regular updates and information about phishing emails. 
  7. Security training. General security policies need to be drawn up and implemented, and staff have to be appropriately trained ad-hoc, whether remotely or in person. 

For more information visit: 

For more Technology Business news follow i-invest Online

Other stories you may like

  • A star of online trading
    An interview with Iskandar Najjar, CEO of Equiti Group Equiti provides online multi-asset trading services and support to a wide global client base. The group’s global footprint includes offices in Europe, the UK, the Middle East, the Americas, Africa and the Asia Pacific regions. Among…
  • Fides Reach further, connect faster
    An interview with Andreas Lutz, CEO, Fides Fides is the world leader in multibank connectivity, payments and transaction communications. A market leader for more than a century, Fides is committed to making financial operations as efficient, transparent and secure as possible for all organisations. More…
  • EU Renovation Wave
    On January 23rd, the European Parliament is set to vote on the rules surrounding the green renovation of homes across the EU. Innovative instruments to unlock the necessary finances to achieve the EU’s building energy efficiency goals are on the table. MEPs must vote to…
  • BoE to stress test non-banks for first time after pensions turmoil
    Investment funds and other non-bank financial institutions face their first “stress test” in 2023 to apply lessons from the near-meltdown in Britain’s pension fund sector, the Bank of England (BoE) said in December. The BoE had to step in from September to buy £19.3bn of…
  • Germany calls for global regulation of crypto industry
    Germany’s top regulator recently called for global regulation of the cryptocurrency industry to protect consumers, prevent money laundering and preserves financial stability. Mark Branson, the president of Germany’s financial market regulator BaFin, said a hands-off approach that would “just let the industry grow as a…

Follow us