What are the most common threats in the healthcare sector?

The international health emergency has changed our way of life and that of the world overnight. However, there are those who see the Covid-19 crisis as an opportunity to exploit it for illicit purposes: cybercriminals. During the month of March last year, i.e. at the beginning of this crisis, there was an abysmal increase in phishing campaigns targeting the healthcare sector and a general public who were nervous about the uncertainty of this situation. The emails received had the appearance of important information related to Covid-19 (fake sales of masks, purchase of life-saving respirators, among others), but were loaded with malware and malicious links.

Now the most detected attacks are the two main ransomware variants: Ryuk and Sodinokibi. This points to quicker money for cybercriminals, as they see hospitals as the most willing to meet demands and pay ransoms. Unfortunately, the ransomware attack is the most worrisome threat in a hospital overloaded with Covid-19 patients. This already happened last March 12 at Brno University Hospital in the Czech Republic, forcing them to redirect patients to other hospitals.

How have ransomware threats to the healthcare sector changed?

The first recorded attack involved a Trojan sent to AIDS researchers in 1989. Since then, ransomware has changed a lot until today. Cybercriminals are not only more organized, but often more skilled and sophisticated. One example is that they now specifically target medical devices, not just networks, servers, PCs, databases and medical records. For example, the 2017 WannaCry ransomware attack infected 1,200 diagnostic devices, caused many others to be temporarily shut down to prevent the spread of the malware, and forced five UK hospital emergency departments to shut down and divert patients.

The good news is that there are steps that healthcare systems and organizations can do to stay ahead of the next ransomware attack. Proven employee awareness education, effective security tools and regular patching are basic and critical steps that every organization should take. redborder works specifically on cybersecurity and other critical infrastructure protection issues such as healthcare, preventing successful attacks and their consequences.