Will Cyberattacks on Healthcare Information Systems Be as Viral as COVID-19 Itself?


March 2020

By: Ali Gomulu

Cyberattacks have increased by 150 percent in the healthcare sector over the last two months, according to a report by the C5 Alliance, a new community brought together by the cybersecurity investment firm C5 Capital.

These attacks, which appear to be opportunistic and launched at a time when hospitals, medical equipment and service vendors, government agencies, health insurers and others in the “ecosystem”, are so concerning that IT professionals are being included as “essential workers” in guidance and legislation associated with stringent “work from home” mandates.

Last month, the World Health Organization (WHO) warned of fraudulent emails being sent by cyber criminals posing as the WHO and asking recipients to contact them (while in the background, phishing software was been embedded into the device’s system).

Cybercriminals have also been impersonating the US Centers for Disease Control and Prevention (CDC), and the U.S. Health and Human Services Department (HHS) suffered a cyberattack on its computer system citing a campaign of disruption and disinformation that was aimed at undermining the response to the coronavirus pandemic and may have been the work of a foreign actor.

“We are aware of a cyber incident related to the Health and Human Services computer networks, and the federal government is investigating this incident thoroughly,” John Ullyot, a spokesman for the National Security Council, said in a statement. “HHS and federal government cybersecurity professionals are continuously monitoring and taking appropriate actions to secure our federal networks,” adding that HHS and federal networks were back to normal relatively quickly.

The UK National Cyber Security Centre (NCSC) reported that phishing emails with links claiming to have important coronavirus-related updates are circulating which, once clicked on, lead to devices being infected. According to the NCSC, these attempts have been seen in several countries.

Attacking health-related networks and systems is not new. Last September, Moody’s Investors Service reported that increasingly sophisticated cyberattacks will pose significant threats to operations, revenues and patient safety, that will expose more hospitals to malpractice accusations and lawsuits.

Hospitals with strong risk management programs in place are more able to respond to a major disruption such as the one caused by COVID-19, which is dramatically increasing the number of patients in a context of a deadly, highly contagious disease.

It is no wonder IT teams are considered among the most essential workers, whether onsite or in data centers, network operations centers, or working virtually. Existing contingency plans are being reviewed in real time, while security teams are on high alert and  working around the clock to ensure networks, servers, systems, applications, cloud-based services and more are operating, so care can be delivered more efficiently than ever in the face of this global health crisis.

Beazley Breach Insights found that healthcare is the industry most targeted by cybercriminals, accounting for 41 percent of all breaches reported to the firm in 2019. Roughly one-third of the breaches were related to hacking or malware attacks, with another 31 percent caused by accidental exposure.

Despite this, healthcare has been behind other sectors in taking security measures. Just four to seven percent of a health system’s IT budget is in cybersecurity, compared to about 15% for other sectors such as the financial industry.

IT managers and network admins in mission critical industries, including healthcare and pharma, especially at this time, need tools they can count on to efficiently gain secure access, control configurations, and indisputably record all activities, to guard against internal and external threats.

Ironsphere’s Privileged Access Security platform is the world’s most cost-efficient, flexible, and easily deployed Access Control software, working across network infrastructure, protecting cloud services, databases, applications, and real time computing and communications systems.

Our core offering is a Privileged Access Management (PAM) solution protecting enterprise resources, used as an engineering access, information security and governance tool, to prevent internal data breaches and malfeasance using privileged accounts.

Our platform brings together solutions including Access Directory, Dynamic Password Controller, Session Manager, Multi Factor Authentication Manager, Data Access Manager, Privileged Access Manager for Public Cloud, and Privileged Task Automation.

The healthcare industry is especially vulnerable to attacks, and insider threats have been on the rise as it has become clearer how lucrative it is to steal not only personal health information, but personal identity information, credit card and insurance data, and more.

As digital health innovations come online, and a growing number of patients are being seen virtually via telemedicine platforms, healthcare providers and insurers are investing in cyber security solutions that reduce the risk of not only data loss, but the potential loss of life. Medical records, prescriptions (including for opioids), and real time health monitoring add to the attraction, and ransom attacks have become more prevalent, given the high cost associated with the disruption of networks and systems, including instances where entire medical centers have been compromised.

Healthcare systems have historically been the victim of internal and external threats, and despite the complexity associated with having to add more security to existing systems, this is no longer an option for IT teams responsible for ensuring the integrity of data or for management teams responsible for ensuring the integrity of the reputation and financial performance of healthcare companies. As more and more endpoints are added with new connected devices, Privileged Account Management solutions are also able to protect those devices and limit the sprawl of a breach, should that breach be identified and subsequently stopped. With insider threats on the rise, the solutions offered by Ironsphere are investments in reducing risk by more than fifty percent.

We stand by to help protect hospitals and other medical facilities at this unprecedented time, supporting the IT teams who have never faced a crisis like this. We help IT teams get more done, comprehensively, and with more automation than ever before. Given our architecture and cloud-capabilities, we can implement defense mechanisms in days, to help stop the spread of this kind of virus, secure the systems, and streamline the work of teams under stress.

Similar Blogs

Enterprise Risk Appetite Frameworks Should Include PAM

Enterprise Risk Appetite Frameworks Should Include PAM

Just as cyber risks evolve, the evolution of risk appetite frameworks is more active than ever. With more sophisticated adversaries, more digital transformation initiatives, more mobile works, ecosystem partnerships and connectivity to multiple clouds and services, enlightened management teams and their boards are updating their levels of “risk tolerance.”

read more