Amidst the pandemic overwhelming the capacity of many hospital systems, malicious hackers have been quick to target healthcare providers and medical agencies. These cyber-attacks have hit both the United States and Europe in recent months, serving as a reminder for organizations to closely review their information security posture during these times of uncertainty.

Despite certain attacker groups stating their intent to refrain from targeting healthcare organizations for the duration of the COVID-19 crisis, publicly reported cyber-attacks included a ransomware attack on the Champaign-Urbana Public Health District in the United States and the downing of critical systems at Brno University Hospital in the Czech Republic. In addition, attacks against the World Health Organization have more than doubled, while the U.S. Department of Health and Human Services was hit by an attempted DDoS attack.

Attack surface is expanding

Hospitals and healthcare organizations were an attractive target even before the coronavirus pandemic. Patient records have almost everything an attacker needs in a single record to carry out sophisticated insurance fraud schemes, purchase medical supplies or drugs and/or commit other types of fraud including outright identity theft. Medical records are lucrative targets and are expensive assets in the dark market.

The deployment of new devices—especially those categorized as IoT that use wireless networks and sensors to collect and exchange information—is a double-edged sword. While these devices offer medical environments tremendous capabilities to care for patients and increase efficiencies, each device increases an organization’s attack surface.

Compliance challenges

Adding to the complexity of these security challenges are compliance and regulatory frameworks such as GDPR and NIS Directive,that are typically enacted to protect systems and sensitive data. However, since they frequently evolve to keep pace with information technology, industry influences and new threats to systems and data, healthcare organizations face multiple moving targets for (Read more...)