Now: current cyber threats to healthcare industry
Cyber criminals are adapting operations to exploit widespread fear and uncertainty related to the COVID-19 pandemic.3
A large number of health institutions report an increase in network traffic as they continue to respond to the COVID-19 pandemic outbreak. Recently, the U.S. Department of Health and Human Services (HHS) experienced an attempted DDoS attack; due to its large, resilient infrastructure, this had minimal impact on the agency’s operations.4 DDoS attacks could severely impact a mid-sized hospital with lesser defensive capabilities, halting or diminishing its operations. The ramifications of such an attack during the current pandemic could be catastrophic.
In addition, ransomware continues to be one of the most severe threats facing the healthcare industry.5 Even though some prominent cybercrime groups have “promised” not to target healthcare entities, ransomware attacks on hospitals and labs working on COVID-19 vaccines have continued.6 These actors conduct widespread scans of the internet for vulnerable enterprise assets, such as unpatched Virtual Private Network (VPN) servers or assets with Remote Desktop Protocol (RDP) exposed. If found, the actors may use publicly available exploits or credentials from third-party leaks to gain access to the network, ultimately finding sensitive information, stealing it and encrypting it with ransomware. This could prevent providers from accessing information about their patients’ medical histories, the dosages of drugs that patients require, or other critical information until the ransom is paid – or until the actors decide to punish the providers by publicly leaking the information.
Given the publicity around COVID-19 and the heightened focus on healthcare from actors and defenders alike, EY teams have observed increased interest in healthcare-nexus credentials. Multiple underground forum members have begun offering “healthcare cred bundles” for sale; although many of these are likely repackaged from prior third-party breaches, actors will likely incorporate these credential bundles into password-spraying and brute-forcing operations. Interest in healthcare credentials is expected to remain high, and these types of operations are expected to continue at high volume for the foreseeable future as the crisis continues to unfold.
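One way to detect the password-spraying and brute-forcing activity described above from authentication logs, added here as an example and not taken from the original article. The log format (`timestamp source_ip account OK|FAIL`), the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

def sample_log():
    """Constructed events (not real data): 'timestamp source_ip account OK|FAIL'."""
    t0 = datetime(2020, 4, 1, 9, 0)
    rows = [(t0 + timedelta(minutes=i), "203.0.113.10", f"user{i}", "FAIL") for i in range(6)]
    rows.append((t0 + timedelta(minutes=6), "203.0.113.10", "user6", "OK"))
    rows += [(t0 + timedelta(seconds=5 * i), "198.51.100.7", "dr.smith", "FAIL") for i in range(8)]
    rows += [(t0 + timedelta(minutes=i), "192.0.2.50", "nurse.a", r)
             for i, r in enumerate(["FAIL", "FAIL", "OK"])]
    return "\n".join(f"{ts.isoformat()} {src} {user} {res}" for ts, src, user, res in rows)

def parse(log):
    for line in log.splitlines():
        if line.strip():
            ts, src, user, outcome = line.split()
            yield datetime.fromisoformat(ts), src, user, outcome == "OK"

def detect(log, window=timedelta(minutes=30), spray_users=5, brute_fails=8):
    """Flag sources whose failures look like spraying or brute forcing.

    Thresholds are illustrative assumptions, to be tuned per environment."""
    by_src = defaultdict(list)
    for ts, src, user, ok in sorted(parse(log)):
        by_src[src].append((ts, user, ok))
    findings = {}
    for src, events in by_src.items():
        fails, patterns, reset = deque(), set(), set()
        for ts, user, ok in events:
            while fails and ts - fails[0][0] > window:   # slide the window
                fails.popleft()
            if ok:
                if patterns:          # success from an already-flagged source
                    reset.add(user)
                continue
            fails.append((ts, user))
            per_user = Counter(u for _, u in fails)
            # Spray: many accounts, one or two guesses each.
            if len(per_user) >= spray_users and max(per_user.values()) <= 2:
                patterns.add("password-spray")
            # Brute force: many guesses against a single account.
            if max(per_user.values()) >= brute_fails:
                patterns.add("brute-force")
        if patterns:
            findings[src] = {"patterns": sorted(patterns), "accounts_to_reset": sorted(reset)}
    return findings

if __name__ == "__main__":
    for src, finding in detect(sample_log()).items():
        print(src, finding)
```

A successful login from a source already flagged for spraying is the event to act on first, since it indicates a guessed or leaked credential that worked; the ordinary user with two mistyped passwords is not flagged.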
Cyber criminals continue to launch online attacks – phishing for enterprise credentials, data theft malware, and ransomware – that attempt to leverage COVID-19 pandemic fears.
As many healthcare workers feel greater fear and uncertainty over the virus, they fall victim to cyber-attacks while searching for COVID-19-related medical equipment, prevention instructions, and vaccines. As with other ongoing attacks, the credentials harvested during this time of increased activity may not be used for weeks or months to launch an attack on the organization. As a result, technology leaders need to be ever vigilant in their efforts to educate and protect users and their enterprise credentials in the current state and even more so in the future.
Next and beyond: future cyber threats
Because leaders across the globe have issued stay-at-home orders to their constituents, the Work From Home (WFH)/teleworking population has dramatically increased, and the healthcare industry has responded by expanding remote access to care via telemedicine.
Historically, telemedicine has faced challenges with incidents of fraud due to fraudulent Medicare billing.7 The current rapid expansion of telemedicine solutions may create issues by potentially exposing PHI and running afoul of Health Insurance Portability and Accountability Act (HIPAA) compliance. Increased reliance on and use of telemedicine may also lead to endpoint protection issues for users’ devices and increased security risks if methods to encrypt communications are not in place.8