The current landscape of cyberattacks

According to Purplesec and the World Economic Forum, the cybersecurity industry outlook seems busier than ever with a 600% increase in cybercrime occurrences due to the COVID-19 pandemic and an industry wide expenditure forecast of $366.1 billion.

The main trends studied from recent years are:

• 43% of all breaches are caused by an insider, malicious or not. (Check Point)
• The average cost of a data breach in 2021 was $4.24 million. (IBM)
• The estimated probability that a cybercriminal is detected and prosecuted in the US is about 0.05%. (WEF)
• Most impacted industries are: businesses (retail, wholesale and e-commerce), healthcare, financial, government, education and energy. (PurpleSec)
• 43% of all cyberattacks target small and medium businesses. (SecurIT)

Also, an important fact to remember is that most of the cybersecurity breaches are caused by human error and not by a technical issue. This means that most cyberattacks exist mainly because people working and running businesses don't have enough knowledge about cyber risks.

So, how are healthcare companies performing in the light of these statistics?

A brief history of cybersecurity in healthcare

First of all, a little historical context can give you a good idea of how this industry has been impacted through the years. A few important facts worth mentioning:

• According to HC3, the first-ever ransomware attack occurred in 1989 and was centered around healthcare. A biologist distributed 20,000 floppy disks containing trojan malware at the World Health Organization AIDS conference in Stockholm, Sweden.
• 30 years later, an anonymous person or group attacked the Boston Children’s Hospital in 2014. It distributed denial-of-service (DDoS), an attack which renders services unavailable.
• A couple of years later, the ransomware known as WannaCry infected about 70,000 British National Health Service (NHS) systems.
• More recently, a ransomware called Ryuk targeted 400 dental offices via a supply-chain attack. Also, the Campbell County Health in Wyoming suffered canceled surgeries and ambulance diversions caused by another type of ransomware.

Biggest threats in healthcare today

That historical overview showed an increasing trend in occurrences. Around 80 million individuals were affected by healthcare attacks between 2020 and 2021, so this trend does not appear to change. So, what 's exactly behind those cases? What are the most critical issues to tackle?

Well, according to Swivelsecure, some of the most critical issues this industry is facing today are:

• Private patient information value: Like we mentioned on a prior article, electronic Protected Health Information (ePHI) is a valuable asset, which contains not only names, addresses and phone numbers, but also other information like health records and relatives.
• Medical devices: Most health organizations need an array of devices to work and usually, these devices are not updated in a timely manner. This situation increases the attack surface and therefore the overall risk.
• Remote access to data: Given the nature of the healthcare processes, remote access to data is needed. This basically means that the number of working devices is higher, and the level of security relies on the controls put in place.
• Resistance to technological changes: The usage of outdated technology renders the systems vulnerable to technical vectors of attack.
• Lack of awareness: This is a key point. Most attacks are caused by human errors; errors that could be mitigated, if device users had a better understanding of where the risks are.
• Data access and permissions: Healthcare organizations usually deal with an authorization challenge, where it’s difficult to set boundaries between different kinds of workers and the information they should have access to. This implies that there are different privileges that, after an attacker gains access to a certain device or account, could be exploited.

Having said that, what are the main vectors of attack to take advantage of those issues? According to UpGuard, the most common four vectors of attack are:

• Phishing: Emails appearing to come from a trusted source that contain malicious files or URLs.
• Ransomware: As mentioned in the history section above, this is a malware that encrypts data and allows an attacker to ask for a ransom, hence the name.
• Security controls: Complex layers of information and distribution of human resources make it more difficult to implement effective security controls on each step of the process.
• Distributed Denial of Service: Multiple and continuous requests coming from an array of hosts, until the target server crashes.

In the light of all of these issues, what is the healthcare industry doing to solve them? According to Kruse et al (2017), some of the solutions to this problem are: defining duties and responsibilities for each type of employee, having well defined upgrade procedures, using a virtual local area network (VLAN), using deauthentication mechanisms, implementing data breach plans, moving resources to cloud based computing and training workers to be more cybersecurity aware.

Do you think you’re implementing cybersecurity correctly? Do you want to know where your main weaknesses are? At Red Sentry, we specialize in offensive security, bringing automated and manual products to give you a good understanding about how vulnerable your systems are.