sb-nz logo
Story image

Cyberattacks on healthcare organisations "out of control" - Check Point

There has been a 45% increase in cyberattacks on healthcare organisations worldwide in the last two months, making healthcare the most targeted industry by cyber criminals, according to new research from Check Point.

The Increase in global cyberattacks on healthcare sector is double the increase (+22%) in cyberattacks on all other industry sectors, the research found, while the average number of weekly attacks in the healthcare sector reached 626 per organisation during November, compared with 430 in previous months.

Surges in cyberattacks on the healthcare sector occurred mostly in Central Europe (+145%), followed by East Asia (+137%), Latin America (+112%), Europe (+67%) and North America (+37%). Canada experienced the most dramatic increase with over a 250% uptick in attacks, followed by Germany with a 220% increase. Attacks on Spain’s healthcare sector doubled.

According to the research, the increase in attacks involves a range of attack vectors, including ransomware, botnets, remote code execution and DDoS attacks. Ransomware showed the largest increase and poses as the most significant malware threat to healthcare organisations, when compared to other industry sectors. The primary ransomware variant used in attacks is Ryuk, followed by Sodinokibi.

Omer Dembinsky, manager of data intelligence at Check Point, says cyberattacks on the global healthcare sector are "simply getting out of control".

"This is because targeting hospitals equates to fast money for cyber criminals. These criminals view hospitals as being more willing to meet their demands and actually pay ransoms," he says.

"Hospitals are completely overwhelmed with rises in coronavirus patients and recent vaccine programmes – so any interruption in hospital operations would be catastrophic.

“This past year, a number of hospital networks across the globe were successfully hit with ransomware attacks, making cyber criminals hungry for more," says Dembinsky.

"Furthermore, the usage of Ryuk ransomware emphasises the trend of having more targeted and tailored ransomware attacks rather than using a massive spam campaign, which allows the attackers to make sure they hit the most critical parts of the organisation and have a higher chance of getting their ransom paid.” 

Security tips for healthcare organisations

1. Look for Trojans – Ransomware attacks don’t start with ransomware. Ryuk and other types of ransomware exploits usually start with an initial infection with a trojan.  Often this trojan infection occurs days or weeks before the ransomware attack starts, so security professionals should look out for Trickbot, Emotet, Dridex and Cobalt Strike infections within their networks and remove them using threat hunting solutions – as these can all open the door for Ryuk.

2.    Raise your guard on weekends and holidays – most Ransomware attacks over the past year have taken place over the weekends and during holidays when IT and security staff are less likely to be working.

3.    Use anti-ransomware solutions – although ransomware attacks are sophisticated, Anti-Ransomware solutions with a remediation feature are effective tools which enable organisations to revert back to normal operations in just a few minutes if an infection takes place.

4.    Educate employees about malicious emails – Training users on how to identify and avoid potential ransomware attacks is crucial. As many of the current cyber-attacks start with a targeted phishing email that does not even contain malware, just a socially-engineered message that encourages the user to click on a malicious link, or to supply specific details.  User education to help identify these types of malicious emails is often considered one of the most important defenses an organisation can deploy.

5.    Patch virtually – the Federal recommendation is to patch old versions of software or systems, which could be impossible for hospitals as in many cases, systems cannot be patched. Therefore, we recommend using Intrusion Prevention System (IPS) with virtual patching capability to prevent attempts to exploit weaknesses in vulnerable systems or applications. An updated IPS helps your organisation stay protected.

Story image
Users becoming more savvy with COVID phishing scams
“With COVID-19 being around for over a year now and employees becoming more aware of the types of scams that have come out related to the pandemic, cyber criminals are having less success with related phishing attacks."More
Story image
From Me to We: Partnerships & multiparty systems in the post-COVID-19 age
MPS is all about sharing data infrastructure between people and organisations - think along the lines of blockchain, distributed databases and ledgers.More
Story image
Case study: How Pattern helped SimTutor secure online education
SimTutor provides a software-as-a-service (SaaS) solution designed for online healthcare education and e-learning content creators.More
Story image
Ransomware and Microsoft Exchange attacks surging 
There are global surges in ransomware attacks alongside increases in cyber attacks targeting Microsoft Exchange Server vulnerabilities, according to Check Point Research.More
Story image
Kroll completes Redscan acquisition, expands cyber risk portfolio
With the addition of Redscan and its extended detection and response (XDR) enabled security operations centre (SOC) platform, Kroll expands its Kroll Responder capabilities to support a wider array of cloud and on-premise telemetry sources.More
Story image
97% of organisations experienced a mobile threat in 2020 — report
93% of these attacks originated in a device network, which includes attempts to trick users into installing a malicious payload via infected websites or URLs, or to steal users’ credentials.More