More hospitals are reported to have been hit with ransomware attacks as the COVID-19 pandemic carries on. This comes after the first known death was reported, linked to cyber attacks on hospitals. Cybercriminals are increasingly targeting healthcare firms and according to the article, it has grown 150% since COVID-19 started. 

We spoke to experts at Check Point and Synopsys to find out what they can do to protect themselves and their patients.

According to Tony Jarvis, Chief Technology Officer, Asia Pacific, at Check Point Software Technologies, while we may be more than six months into the COVID-19 situation, cybercriminals are showing no sign of slowing down as they continue to use this crisis for their own gains.

“When a patient of a German hospital died due to a ransomware attack it made international headlines, but similar attacks are continuing,” he said, “An additional two hospitals in New York and Oregon have needed to reroute patients after their IT systems were crippled.”

According to data from Check Point Research, in APAC in October, there was a 33% increase in ransomware attacks against the healthcare industry. The uptick in ransomware attacks in APAC is mostly shown in Singapore (133% increase in attacks against the healthcare industry) and India (20% increase).

Hospitals are a global element of societal and economic critical infrastructure said Boris Cipot, Senior Security Engineer, Synopsys Software Integrity Group.

As such, they should be secured to the extent possible to protect sensitive patient and/or hospital data. “Network segmentation is an important, albeit complex, aspect of security that must be implemented in hospital systems in order to minimise their risk of a data breach,” Cipot said.

However, Cipot said that a major cybersecurity hurdle with medical devices in use in hospitals is that they have a very long lifespan. And while the software in use in these devices may have followed the best practices at the time they were designed and manufactured, they may be incredibly insecure now if they weren’t designed to be updated, or if they haven’t been maintained responsibly.

“This leaves a window for potential attackers to access data on these devices, or to use them as an access point to then pivot within the network to access sensitive data elsewhere,” Cipot explained, “If these devices don’t need to be connected to the internet for any business-critical reason, then ensure they’re not connected. And when there is concern, network segmentation based on potential risk should be considered.”

Tim Mackey, Principal Security Strategist, Synopsys Cybersecurity Research Centre (CyRC), explained that this happened because hospital systems usually faced a resource challenge that was strained further when a crisis was present in the community. Priority is given to tending to the sick, and cost centres like cybersecurity are secondary. “Unfortunately, patient data is something that is uniquely identifying to a person and something that can’t be changed. Attackers know this, which makes hospital systems and healthcare providers prime targets in the best of times,” Mackey cautioned.

He recommended using ways to limit access while without introducing complex security measures, and access virtualisation technologies like VDI can provide a protective barrier around systems processing electronic health records.   

 Jarvis from Check Point recommended the following ways to for hospitals to protect themselves:

  1. Virtual Patching – the recommendation is to patch old versions, and we get that this is sometimes impossible for hospitals. Therefore we recommend using IPS with latest packages as virtual patching to the most recent available exploits.
  2. Anti-Ransomware – although advanced hacking groups are involved in this business, the encryption process is very extensive, and Anti-Ransomware with a remediation feature is an effective tool to revert back to operation in few minutes if an infection takes place.

Given the threats these organisations face, the only solution is to be well prepared against subsequent attacks. The threat landscape has changed dramatically over the course of the year, necessitating more sophisticated protections to prevent cases of such incidents from rising further. This is the time to be identifying security gaps and prioritising solutions that may be needed, especially in industries such as healthcare where the number of successful attacks are increasing. Working with experts who are able to identify needs and advise best practices moving forward is highly advised when there is so much at stake.