Rod Thorne from Check Point Software explains how the health sector can bolster its security posture and resilience to threat actors.
According to a recent study, approximately 30 per cent of the world’s data is currently being generated by the health sector. By 2025, it’s expected that the compound annual growth rate of collected data for the health sector will reach an all-time high of 36 per cent. That means the health sector is generating data faster than the manufacturing sector, the entertainment sector, and even the financial services sector.
As the link between technology and healthcare continues to grow, supercharged by the fallout from the pandemic and the need to digitise everything from appointments to prescriptions, it’s little wonder the sector has become a prime target for cyber criminals. The health sector has been heavily and repeatedly attacked by organised cyber criminals since the beginning of the pandemic, with hospitals, research facilities and pharmaceutical companies all being targeted due to the high-value, time-sensitive nature of their work.
In fact, within the last six months, we observed 506 weekly attacks on healthcare organisations in Australia, and over the past year we’ve seen a variety of attacks including ransomware, botnets, remote code execution and even DDoS attacks on the health sector.
These threats have been known for some time, with the FBI issuing a notice in 2020, warning organisations in healthcare about increasingly serious DDoS attempts.
In Check Point’s 2022 Security Report, we revealed that the health sector experienced an average of 830 cyber attacks every week throughout 2021, a staggering 71 per cent increase on the previous year. This makes healthcare one of the most heavily targeted industries in the world, ahead of utilities, banking and manufacturing sectors. As the sector continues to experiment with IoT solutions – from wearable biometric scanners and automated prescriptions to MRI machines that act as a welcome mat for hackers – its attack surface area is expanding faster than its security can keep up with.
A pandemic of cyber crime
As COVID-19 cases spiked around the world, so did attacks on our hardworking healthcare sector. In October 2021, the healthcare system that serves Newfoundland and Labrador in Canada was hit by a devastating ransomware attack that one local expert said was the “worst cyber attack in Canadian history.”
Employee and patient data was stolen and thousands of vital appointments, including chemotherapy sessions, were cancelled or delayed. In the same month, a crushing ransomware attack was directed at a hospital in the Middle East for the first time, as a Chinese group targeted the Hillel Yaffe Medical Centre in Israel.
The medical centre's computers were incapacitated, making the admission and discharge of patients virtually impossible. At the end of the year, the Behavioral Health Group (BHG), which runs more than 80 opioid clinics in the US, fell victim to a cyber attack that disrupted its entire network for more than a week. Prescriptions couldn’t be retrieved, so patients had to go without potentially life-saving medication. While BHG didn't reveal the cause of the incident, most experts agree it was likely a ransomware attack.
More recently, in January 2022, a serious data breach at the Red Cross led to the exposure of half a million vulnerable people’s data. The organisation, headquartered in Switzerland, had to shut down computer systems running its Restoring Family Links program, which seeks to reunite families during disasters or periods of conflict.
What’s in it for hackers, and why now?
The main motivation for threat actors targeting the healthcare sector, from hospitals and clinics to research facilities and charity organisations, appears to be financial. The sheer pressure that hospitals have been under over the past two years to help us deal with – and recover from – the pandemic has been enormous.
The more important the sector’s work, the more tempting the target becomes for threat actors. In June 2020, just months into the pandemic, the University of California’s School of Medicine was targeted and sensitive data was held to ransom, forcing the university to pay more than US$1 million to carry on its important research.
The health sector has always been vulnerable to extortion, but the pandemic increased this vulnerability tenfold. In 2020, Check Point Research revealed that the notorious Ryuk ransomware, which had been around since 2018, had changed its focus to specifically target hospitals in order to take advantage of the crisis.
What can the health sector learn and how should it adapt?
In the vast majority of ransomware cases, the threat isn’t the ransomware itself, but its point of entry onto an organisation’s network. Most are deployed through trojan infections, often occurring weeks or even months before an attack takes place, so it's important that hospitals, clinics and research facilities have anti-ransomware solutions in place. Solutions like Check Point’s Harmony Endpoint leverage real-time global threat detection to automatically detect and deal with attacks.
The health sector also faces a unique challenge in that it has one of the fastest-growing attack surfaces of any industry. From infusion pumps and patient monitors in hospitals, to take-home biometric devices and even connected wheelchairs, the potential points of entry for threat actors are multiplying year on year. Hospitals and other healthcare environments should therefore be thinking about how to minimise this potential attack surface and reduce risk.
The first step toward achieving this is gaining full visibility over every connected device or endpoint, then assigning a risk weighting to each device or category of devices before setting granular security policies that reflect the level of risk.
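One way to make those three steps checkable, as an added example that is not from the article or from Check Point: reconcile observed devices against the inventory, weight each device, and let the riskiest device set its category's policy. The device attributes, weights, thresholds, tier names and MAC addresses are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    mac: str
    category: str
    safety: int      # 0-3: patient harm if the device is disrupted
    exposure: int    # 0-3: 0 = isolated segment, 3 = reachable off-site
    patchable: bool  # vendor still ships security updates
    holds_phi: bool  # stores or relays patient data

# Constructed inventory. Categories come from the article; every attribute
# value, weight and threshold below is an assumption for illustration.
INVENTORY = [
    Device("02:00:00:00:00:01", "infusion_pump", 3, 1, False, True),
    Device("02:00:00:00:00:02", "infusion_pump", 3, 1, True, True),
    Device("02:00:00:00:00:03", "patient_monitor", 3, 1, True, True),
    Device("02:00:00:00:00:04", "take_home_biometric", 1, 3, True, True),
    Device("02:00:00:00:00:05", "connected_wheelchair", 2, 2, False, False),
]
# Constructed MAC addresses seen by passive network monitoring.
OBSERVED = {d.mac for d in INVENTORY} | {"02:00:00:00:00:99"}

def risk_weight(d: Device) -> int:
    """Weighted sum: safety impact dominates, unpatchable devices are penalised."""
    return (3 * d.safety + 2 * d.exposure
            + (0 if d.patchable else 3) + (2 if d.holds_phi else 0))

def tier(score: int) -> str:
    if score >= 15:
        return "isolate"    # dedicated segment, allow-list to one clinical server
    if score >= 12:
        return "restrict"   # clinical VLAN, no internet egress
    return "baseline"       # standard endpoint controls and monitoring

def build_policy(inventory, observed):
    """Return (policy tier per category, MACs seen but not inventoried)."""
    worst = {}
    for d in inventory:
        worst[d.category] = max(worst.get(d.category, 0), risk_weight(d))
    policy = {cat: tier(score) for cat, score in worst.items()}
    # Visibility gap: on the wire but unknown. Quarantine until classified.
    unmanaged = sorted(observed - {d.mac for d in inventory})
    return policy, unmanaged

if __name__ == "__main__":
    policy, unmanaged = build_policy(INVENTORY, OBSERVED)
    for cat, t in policy.items():
        print(f"{cat:22} {t}")
    print("quarantine:", unmanaged)
```

Taking the worst score in a category means one unpatchable infusion pump moves every pump into the isolated tier, which is the conservative reading of a policy set per category of devices.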
At a time when the health sector is at its most vulnerable, it should also be at its most secure. By investing in proactive threat monitoring and detection solutions, clinics, hospitals and research facilities will be able to guard against the rising tide of targeted attacks, giving themselves a clean bill of health for 2022 and beyond.
Rod Thorne is the Australia country manager at Check Point Software.