Financial Cyber-Attacks In 2021

An alarming amount of cyber offense incidents that target hospitals and healthcare providers hit the cybersecurity radar during the COVID-19 pandemic. The health systems that fall victim to such attacks are forced to cancel their services and lose patients (unfortunately, not merely to other healthcare providers). The scope of financial influx into healthcare during the COVID-19 outbreak attracts cybercriminals, and this tendency does not seem to be changing its course in the foreseeable future. One sure way to stay vigilant for ongoing threats within the niche is through the enhancement of your cybersecurity toolkit. SOC Prime platform is a one-stop shop for cybersecurity practitioners and enthusiasts to ensure they stay at the top of their game. It is the world’s first platform for collaborative cyber defense, threat hunting, and discovery that integrates with 20+ SIEM and XDR platforms. Moreover, powered up by a user-oriented tool, Uncoder.IO, one can translate queries on the fly in a single place without the need to switch to the SIEM environment.

In these turbulent days, much of the cybersecurity discussion centers on the importance of accepting the reality that a cyber-attack is almost certain to affect any healthcare provider at some point, Russian-roulette style. Fueled by grim statistics that the healthcare industry is expected to spend an astonishing $125 billion on cybersecurity from 2020 to 2025 comes an avalanche of wide-ranging hacks and data breaches launched in this sector.

EHA

This article provides an overview of the most worrisome cyber-attacks aimed at the healthcare industry in the course of the COVID-19 crisis.

Phishing

It is no shocker COVID-19 phishing exploded as the virus progressed, with bad actors reaching their victims via scam emails, messages, and calls that seem to come from legitimate organizations such as the World Health Organization, vaccine vendors, and the Centers for Disease Control. In 2020, phishing was the most popular type of threat leveraging COVID-19 in Europe, with 65.7% of COVID-19-related threats being spam email.

One of the high-profile phishing cases in 2021 was an attack on American Anesthesiology, Inc, a key anesthesia services provider. Hackers gained access to the email system of the targeted company’s business partner, MEDNAX. Those email accounts exposed the personal data of American Anesthesiology’s clients, although the adversaries’ main goal was payroll fraud. The number of affected accounts far exceeded 1 million.

Starting with the launch of vaccines that protect from SARS-CoV-2, the virus that causes COVID-19, cybercriminals were keeping a close eye on the new horizons they were presented with. Most of the scam emails were mimicking health advice mailing, pushing questionable updates on vaccination. The top three most common email subjects (vaccine vendors may vary): Important Pfizer Vaccine Message for you; Moderna Vaccine Survey Response Needed; Johnson COVID-19 Survey Response Confirmation.

Zero-days

By the end of 2021, the price tag of a working exploit for a zero-day vulnerability rose by more than 1,150% since 2018, reaching a record amount of more than $1 million by the end of 2021. The healthcare industry has been hit particularly hard since the COVID-19 set out on its global march in 2019.

In August 2021, PwnedPiper zero-day vulnerability was identified in a solution for pneumatic tube systems (PTS) used for biological samples and medications transportation. The system is crucial in a healthcare routine, utilized in more than 80% of hospitals in the U.S, and also can be found in quite a number of healthcare institutions worldwide. PwnedPiper allows for a complete takeover of the system control, enabling attackers to deploy ransomware and access sensitive hospital information.

One year before the PwnedPiper incident, OpenClinic patients test results were exposed due to four zero-day vulnerabilities, allowing remote code execution and patient data theft.

Ransomware

There has been a flurry of ransomware actors’ activity since the rise of COVID-19, affecting vast swathes of industries. Healthcare faces the highest volumes of attacks, ranking for two consecutive years as the most ransomware-targeted sector. The reason behind it is evident: hospitals, for example, are under enormous pressure dealing non-stop with life-or-death situations, incredibly overburdened today; thus, becoming more prone to pay right away when held to ransom.

Interestingly, there are reports of adversaries respectfully excluding healthcare from the list of their targets. For instance, the BlackMatter gang assured not to target healthcare and non-profit organizations. If hit with BlackMatter’s malware, the victims from these sectors are promised to receive free decryption assistance. Even with the seeming decency of some ransomware criminals, healthcare remains the most vulnerable industry since 2020, seeing continued growth in the number of ransomware incidents and well-orchestrated RaaS models attacks in 2021.

In September 2020, the Duesseldorf University Hospital was unable to receive a patient in a critical condition as it was under a ransomware attack that infected more than 30 internal servers. The patient was redirected to another hospital, 30 km away from the initial emergency destination, and did not make it. The delay in treatment was later acknowledged as not being a direct cause of the death but still a factor that affected the fatal outcome.

As noted, the pandemic’s ubiquitous influence has affected all industries. But the one that was particularly strained is, undoubtedly, healthcare. The number of cyber-attacks, especially high-profile ones targeting this sector, has skyrocketed, spelling new issues and challenges to deal with during the COVID-19 turmoil.

Work done by a Team Of Security Experts from Cyber Writes (www.cyberwrites.com) - World’s First Dedicated Content-as-a-Service (CaaS) Platform for Cybersecurity. For Exclusive Cyber Security Contents, Reach at: [email protected]