Cybercriminals are trying to exploit vulnerabilities linked to the pandemic
The healthcare sector has been working for years to protect itself against IT security threats, with mixed results. Although hospitals and other organizations have had to deal with security breaches, the industry has learned how to take on these problems and safeguard patient data.
The digitization of medical records and the ever-growing range of telemedicine tools available, however, have made patient data ever more accessible. While the advantages are clear, patients also run a potentially greater risk of their data falling into the wrong hands.
The risks for healthcare organizations have evolved over time, with ransomware and phishing attacks among the latest. But these IT security problems do not only concern criminal attacks: research has shown that data breaches can also come from inside the organizations themselves, in many cases unintentionally.
Internal Threats
Security teams often concentrate on protecting their networks, data and resources from hackers and other outside threats, but it is also important to take internal threats into consideration. An insider is an individual inside an organization who has been granted access to an organization’s hardware, software, data or knowledge. These insiders include past and current employees, contractors, interns, and other people who have been given access to data or systems. All these trusted people could accidentally or deliberately take actions which cause damage to the company structures, systems or equipment, cause financial damage or expose or divulge intellectual property and sensitive data.
The legitimate access that the insider has or had to proprietary systems can help them defeat traditional cybersecurity measures, such as intrusion detection devices. They may also know the configuration of the network and its vulnerabilities, or in any case be able to obtain such information better than any outsider. While some insiders may simply be careless, others act maliciously. The concept of internal threat includes a wide range of workers and different situations: from someone who unknowingly clicks on a harmful link which compromises the network or loses a work device containing sensitive data, to those who maliciously give up access codes or intentionally sell confidential information for profit.
In order to minimize the internal risks, organizations must establish a specific program with the aim of detecting, discouraging and responding to damaging and unintentional threats from internal personnel. This program should protect critical resources from unauthorized access and damaging actions, and the workforce should be trained to identify internal threats and report any suspicious behavior or activities.
The role of Covid-19
The Covid-19 pandemic is a threat to the healthcare sector in various ways. A lot has been written about the danger to doctors and nurses and about the financial difficulties that suppliers, for example, have to deal with. Equally risky, but less discussed, are network attacks in the middle of an overwhelming health emergency.
Covid-19 has led to a significant increase in remote working and greater use of telemedicine tools for virtual care. Healthcare workers have also found themselves dealing with a wave of infections in addition to the rest of their patients, potentially increasing the risks for information security in healthcare: in recent years, hackers have increasingly targeted healthcare institutions, and the gravity of the current situation has not slowed this at all. The World Health Organization (WHO), the US Department of Health and Human Services (HHS), and one of the largest coronavirus testing facilities in the Czech Republic have all been attacked successfully in the last few months. Always ruthless, hackers currently see a golden opportunity to attack the networks of healthcare organizations, which are as vulnerable as they are important.
This should alarm anyone involved in healthcare IT security, because while it is true that there is never a point when we can let down our guard, at the same time there has never been a moment worse than this. With clinics and hospitals facing a situation where their resources are seriously reduced, the addition of IT problems could make it much more difficult or even impossible to guarantee the necessary care. For patients, suppliers and administrators, IT attacks put the entire system in danger.
The healthcare emergency has therefore created a new series of challenges. Changes made by organizations in response to the pandemic, such as implementation of remote working in order to make use of the entire workforce, have increased the risk of espionage, unauthorized disclosure, fraud and data theft.
What types of attacks?
32 > 208: Between 2014 and 2019, the healthcare sector saw the number of serious incidents increase almost sixfold - Clusit
Like all sectors, healthcare must protect itself from a wide range of IT attacks but, having limited resources, it must often concentrate on the most common and frequent threats. These threats range from malware, which can compromise the integrity of the systems and the privacy of patients, to DDoS (Distributed Denial of Service) attacks, which interrupt the ability of facilities to provide care to patients. Of the various types of attacks which healthcare facilities can be subjected to, some are particularly frequent and damaging, and are sometimes even interconnected:
- Ransomware
- Data breach
- DDoS attacks
- Business Email Compromise
These attacks allow a hacker to use all the most dangerous weapons in their arsenal: trojans, downloaders, ransomware, and more besides. When successful, they can lead to serious data losses or critical applications ending up offline, at a time when healthcare needs effective IT more than ever. IT security may not seem the most urgent or immediate threat to health at this point in time, but it is something which no one can allow themselves to ignore: in healthcare, indeed, cyber-attacks can have repercussions going beyond financial loss and privacy violations.
The whitepaper “Cyber threats in the Healthcare Sector. Trends, Vulnerabilities, Compliance” helps healthcare operatives assess the approach they wish to adopt, shedding light on the reasons why the healthcare sector is particularly attractive to cybercriminals, providing an overview of the biggest issues facing it and legislation in the area, and proposing a suitable approach.
89% of healthcare organizations have suffered a data breach in the last 2 years - McKinsey