Cyberattacks on healthcare organisations 'out of control' - Check Point
There has been a 45% increase in cyberattacks on healthcare organisations worldwide in the last two months, making healthcare the most targeted industry by cyber criminals, according to new research from Check Point.
The Increase in global cyberattacks on healthcare sector is double the increase (+22%) in cyberattacks on all other industry sectors, the research found, while the average number of weekly attacks in the healthcare sector reached 626 per organisation during November, compared with 430 in previous months.
Surges in cyberattacks on the healthcare sector occurred mostly in Central Europe (+145%), followed by East Asia (+137%), Latin America (+112%), Europe (+67%) and North America (+37%). Canada experienced the most dramatic increase with over a 250% uptick in attacks, followed by Germany with a 220% increase. Attacks on Spain's healthcare sector doubled.
According to the research, the increase in attacks involves a range of attack vectors, including ransomware, botnets, remote code execution and DDoS attacks. Ransomware showed the largest increase and poses as the most significant malware threat to healthcare organisations, when compared to other industry sectors. The primary ransomware variant used in attacks is Ryuk, followed by Sodinokibi.
Omer Dembinsky, manager of data intelligence at Check Point, says cyberattacks on the global healthcare sector are "simply getting out of control".
"This is because targeting hospitals equates to fast money for cyber criminals. These criminals view hospitals as being more willing to meet their demands and actually pay ransoms," he says.
"Hospitals are completely overwhelmed with rises in coronavirus patients and recent vaccine programmes – so any interruption in hospital operations would be catastrophic.
"This past year, a number of hospital networks across the globe were successfully hit with ransomware attacks, making cyber criminals hungry for more," says Dembinsky.
"Furthermore, the usage of Ryuk ransomware emphasises the trend of having more targeted and tailored ransomware attacks rather than using a massive spam campaign, which allows the attackers to make sure they hit the most critical parts of the organisation and have a higher chance of getting their ransom paid."
Security tips for healthcare organisations
1. Look for Trojans – Ransomware attacks don't start with ransomware. Ryuk and other types of ransomware exploits usually start with an initial infection with a trojan. Often this trojan infection occurs days or weeks before the ransomware attack starts, so security professionals should look out for Trickbot, Emotet, Dridex and Cobalt Strike infections within their networks and remove them using threat hunting solutions – as these can all open the door for Ryuk.
2. Raise your guard on weekends and holidays – most Ransomware attacks over the past year have taken place over the weekends and during holidays when IT and security staff are less likely to be working.
3. Use anti-ransomware solutions – although ransomware attacks are sophisticated, Anti-Ransomware solutions with a remediation feature are effective tools which enable organisations to revert back to normal operations in just a few minutes if an infection takes place.
4. Educate employees about malicious emails – Training users on how to identify and avoid potential ransomware attacks is crucial. As many of the current cyber-attacks start with a targeted phishing email that does not even contain malware, just a socially-engineered message that encourages the user to click on a malicious link, or to supply specific details. User education to help identify these types of malicious emails is often considered one of the most important defenses an organisation can deploy.
5. Patch virtually – the Federal recommendation is to patch old versions of software or systems, which could be impossible for hospitals as in many cases, systems cannot be patched. Therefore, we recommend using Intrusion Prevention System (IPS) with virtual patching capability to prevent attempts to exploit weaknesses in vulnerable systems or applications. An updated IPS helps your organisation stay protected.