Ensuring cyber awareness in the healthcare sector
As a result of the COVID-19 pandemic, healthcare professionals have increased their reliance on the internet to carry out their job. From connectivity with patients, to the interconnectivity of different medical devices passing patient data, the threat vector has expanded dramatically, so cyber awareness has become crucial.
Healthcare under attack: What about cyber awareness?
This has made the sector an attractive target for cybercriminals, with the plethora of research, personal, and confidential data available to them. Recent research surveying healthcare professionals found that 41% are seeing cyberattacks against their organization take place on a weekly basis.
Healthcare organizations have seen a significant rise in prominence over the last few months owing to their key roles in fighting the pandemic. Nations have celebrated the heroes on the frontline in many ways, so why, despite the humanitarian capacity of their roles, are they being targeted by nefarious actors?
Critical national infrastructure
Healthcare plays a fundamental role in supporting a nation and is considered a fundamental part of the critical national infrastructure. With its heightened importance during the current global pandemic, it has rapidly become a very attractive target for nefarious actors intent on causing chaos and disruption, by exploiting a time of confusion and uncertainty. Cybercriminals know that by denying the services of the healthcare sector at this time would have massive ramifications for the well-being of the nation.
By denying services or the efficiency of the healthcare sector, a hostile state actor can be seen as subverting the credibility of both the government and NHS Trusts. There is also a possibility that in attacking a healthcare organization that is part of a wider network of infrastructure, it may be possible to pivot to other critical facilities.
This could start with something as simple as an email with a malicious link or document that a healthcare professional clicks on or opens, providing the cybercriminal access to the wider infrastructure. This is a very real possibility, as our recent research found that 25% of healthcare professionals believe their colleagues click on links in emails from unknown sources.
Since the WannaCry attack on the NHS in 2017, the healthcare, pharmaceutical, and biotechnology sectors have been conscious of the possibilities of a ransomware attack. In addition to the loss of sensitive data, ransomware attacks can put the lives of patients at risk.
The race for a vaccine
In addition to the healthcare sector, pharmaceutical and biotechnology organizations are also in a global race to develop cures and vaccines for COVID-19, with an increased reliance on AI within the industry. This can have many benefits, including the acceleration of drug development and the production of medicine. This speed is obviously extremely important now. Despite this, there are also risks with the increased use of AI.
While health technology tools and organizations are more powerful and impactful than ever before, individuals or organizations within this sector potentially hold the keys to ending the pandemic. As a result of this, they offer more cyberattack surfaces and options for adversaries. One example of this technology is the increased use of mobile devices by healthcare professionals. This can provide great benefits such as increased availability and efficiency, but also increases opportunities for cybercriminals if not used properly.
Our research found that 81% of healthcare professionals are using corporate devices for personal purposes, which could pose a large cybersecurity risk. This means professionals could be checking emails from compromised inboxes, sending personal emails that may contain bad links, or using online shopping websites that are not secure.
Both biotechnology and pharmaceutical companies have seen an increase in attacks compared to previous years. Reports have found the pharmaceutical industry is now the number one target for cybercriminals globally, especially for intellectual property theft. As these specialized companies move towards increased digitization and a reliance on IT and OT for development, storage, and understanding of more valuable data online, this threat only becomes more real.
Stolen data can either be sold on the dark web or ransomed back to desperate organizations which rely on access to critical documents, such as trial results, patient information, and intellectual property to continue operations.
With the medical sector having an increased reliance on AI, comes an increased number of devices, and objects being reliant and dependent on internet connectivity. This single factor leads to an increased number of potential, and vulnerable, exploitable access points for malicious actors. Unlike the many “entertainment” devices that aggregate to form our understanding of the IoT, there are multiple connected medical devices that are often unseen, but vital.
Connected medical devices have obvious benefits for clinicians, medical staff, and patients. These devices can instantly exchange data, or instructions on treatment. But this aspect is where some of the greatest dangers lie as the devices are often involved in critical procedures or treatments. Consequently, interference with the signals to a robotic surgical tool, for example, would potentially have devastating consequences.
Maintaining security through education
It is well-documented that healthcare budgets aren’t keeping up with demand and this may prevent many organizations maintaining an appropriate and resilient cybersecurity posture. This often results in security policies not being able to keep up, or just not considered during the application, maintenance, and through life support of digital systems.
Because of this, it is even more important that healthcare professionals are as vigilant to cyber-threats as possible. One small example of cyber negligence can lead to a cybersecurity attack – which happens every week for 41% of healthcare IT managers. These can result in service disruption, potentially postponing treatment for patients; or they can lead to huge amounts of data being leaked to hackers with nefarious intent.