A ruthless cyber-pandemic: Hospital ransomware has boomed in 2020

Andrei Mihai

“Romanian hospitals haven’t updated their software in 17 years,” tech journalist Andrada Fiscutean, wrote in back June. “There are over 1,300 ‘code red’ vulnerabilities,” she adds.

Image credits: Dmitriy Suponnikov, CC BY 3.0

At first glance, you’d be tempted to chalk it off as a bizarre country-specific issue. After all, despite having a thriving IT industry, the Romanian public sector isn’t exactly known for its cyber-security. But it’s not a local problem by any means — it’s happening almost everywhere.

In September, Universal Health Services (an American Fortune 500 company) reported a massive cyber campaign against them, which resulted in outages that delayed lab results and medical staff to write everything with pen and paper. Not long after that, a cyber-attack was also reported at a Düsseldorf University hospital in Germany, which ultimately ended up killing a patient.

Cyber-attacks on healthcare units have spiked during the pandemic, and ransomware seems to be especially prevalent. It’s a sign that cyber-security has never been as important.

A cyber-pandemic

Ransomware is essentially an attack that threatens a computer or network and asks for a fee to be paid. It’s like taking a hostage — and even though the hostage is a computer (or several) and not a person, the damage can still be very real.

Hospitals are on the front line of the pandemic. They have been since the start, and they will continue to be until the end of this outbreak (if or when that actually happens). Because of this extreme situation, hospital resources are stretched extremely thin. Even without an external attack, hospitals can collapse under the sheer influx of extra COVID-19 patients, especially if medical personnel also are infected. If a cyber-attack also piles on top of all this, things can go south very fast.

If a hospital’s computer network is frozen by a malicious attacker, doctors can’t access files and treatment sheets, electronic systems can be brought to a halt, and patients’ lives are at risk.

A hospital network can usually get infected in one of three ways:

  • either through a direct hack, when an attacker logs in to the hospitals’ servers;
  • if an unsecured computer accesses a website or portal controlled by the attackers;
  • through infected links sent via email.

Ransomware isn’t the only attack or scam hospitals are exposed to, but it’s one of the most dangerous. Intelligence agencies, security firms, even big tech giants are all sounding the alarm over this cyber threat, especially as attacks have become more common during the pandemic.

No honor among thieves

Given that the pandemic casts such a big shadow on all of us, you’d be excused for thinking that attackers would give hospitals a break. Instead, the opposite happened and attacks spiked.

Early in the pandemic, many cyber-attackers pledged not to attack hospitals. Some said that even if they ‘accidentally’ attack a hospital, they’ll drop the malware. Others said they won’t target hospitals, but if hospitals get infected, then that’s that. But other groups seemed to have less scruples, as attacks on public health facilities continued to mount as the pandemic unfolded. BitDefender’s Liviu Arsene posted charts showing the surge in hospital cyber-attacks during the pandemic. A part of that, Arsene says, is the extra pressure that the pandemic has put on hospitals, making them more vulnerable to cyber-attacks.

“It’s likely that, since hospitals have been facing new procedures and measures, and new documentation regarding the pandemic on a daily basis, especially during the past couple of months, attackers have been impersonating public institutions and global healthcare organizations to trick medical staff into clicking on malicious URLs or opening infected attachments,” he writes.

A big deal

But this situation has also revealed that many hospitals are woefully unprepared for such attacks. The problem is so widespread that the FBI, US Department of Health, and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint alert on ransomware activity targeting hospitals and other healthcare providers, noting that criminals are callously targeting the healthcare system because they believe hospitals are likely to pay up.

“CISA, FBI, and HHS have credible information about an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers,” they wrote at the time.

The FBI is currently investigating a chain of attacks on hospitals across the US, and experts fear the worst may be yet to come. It’s a “big deal”, says John Hultquist, director of intelligence at cybersecurity FireEye, who calls it the biggest threat of this type in terms of danger to the public. Europe and North America saw increases of 67% and 37%, respectively in 2020 — and the situation is not much different in 2021.

The timing of these attacks is not coincidental: attacking hospitals at a time like this, shows the ruthlessness of these gangs. It’s a deliberate attempt to wreak havoc on systems already pushed to the limit.

Protecting against attacks

So what can hospitals do to protect themselves from this threat? As it’s often the case, there’s no silver bullet. The first step is awareness, writes the EU Agency for Cybersecurity — members of the organization (whether it’s a hospital, clinic, or something else) should be aware of this threat and treat everything accordingly, with caution (and secure passwords). Other tips include:

  • Installing two-factor authentication. It’s always a good idea, especially if staff is working remotely;
  • Carrying out regular database backups. Again, this is good cyber-hygiene and helps reduce the damage in case of an attack;
  • Ensuring a back-up system, in case the hospital’s activities are disrupted;
  • Closing any remote desktop protocols — these can be used to repair and configure devices, but can also be accessed by hackers;
  • Segmenting IT networks, so that security teams can isolate or filter network zones that may have been infected;
  • Keeping software up to date;
  • Working closely with security teams (it’s not uncommon for the private sector to offer pro bono cybersecurity helps to hospitals).

Ultimately, ransomware remains a problem medical systems will have to deal with, pandemic or not — and their line of defense is only as strong as its weakest link. Hospitals can’t afford to have aging technology, out-of-date security, or unaware personnel. As hospitals are quickly becoming huge Internet of Things centers, the risk of a cyber-pandemic will only continue to grow. Just like the risk of ‘real’ pandemics.

The post A ruthless cyber-pandemic: Hospital ransomware has boomed in 2020 originally appeared on the HLFF SciLogs blog.