COVID-19 introduced newer avenues whereby malicious actors unleashed cyberattacks against the healthcare industry, especially with the increased sophistication of ransomware attacks and BEC attacks. With the distribution of the COVID-19 vaccine comes an even greater shift in the cyber threat landscape whereby threat actors are leveraging emerging technologies to further compromise the safety and security of critical healthcare infrastructures.

The past year has been frightening for the healthcare industry. On one hand, cybersecurity issues were rising by the day, while on the other, there was COVID-19. Statistics show that the healthcare industry cyberattacks increased by 45% from November to December 2020.  Compared to October 2020, which had an average of 430 cyberattacks, November and December 2020 saw around 626 attacks on healthcare organizations each week. Amongst the various cyberattack types, ransomware attacks, like the Ryuk and Conti operations, were the most lethal and pervasive of all.

Evolving Threat Landscape around Healthcare Information

COVID-19 has taken the heaviest toll on the healthcare industry. Cyber adversaries are taking advantage of every major event unfolding in today’s climate to facilitate phishing campaigns and victimize unsuspecting individuals and organizations. With vaccines in near sight, malicious actors have also increased the intensity of cyberattacks centered on the Pandemic.

Advanced Persistent Threats (APT) are evolving with each passing day and leveraging some of the most sophisticated tools to achieve precision and scalability of attacks. Darkweb environments have also started offering Ransomware-as-a-Service to commercialize specific Personally Identifiable Information (PII) stolen by threat actors.

However, an aspect to note is that the said threat actors are continually changing how they execute ransomware attacks and collect ransom payments. The existing ransomware attack methodologies concentrate too much on data encryption and leaving it useless if the ransom is not paid. Today, threat actors are moving forward to release stolen confidential data into public domains whenever ransom payments are not honored.

Furthermore, Distributed Denial of Service (DDoS) attacks have also been on the rise in recent times and will continue to do so in 2021 because of the enormous number of connected devices engaging with the IoT space. More connected and insecure devices simply translate to more opportunities for threat actors to hijack unsuspecting devices into a rogue botnet.

Email communication remains the primary mode of communication amongst colleagues and clients as remote working environments continue to become the ‘new normal’ in 2021. The level of trust between parties in given email communications has increased because of the lack of communication options within a remote work setting and overall stress from the current societal climate.

As such, Business Email Compromise (BEC) attacks remain a very significant threat factor affecting the healthcare industry. Healthcare organizations have their hands full because they have to deal with multiple threats on the medical front and to keep the Protected Healthcare Information (PHI) secure.

The Impact and the way forward

The scary aspect of these cyberattacks is that it is a global phenomenon. Central Europe saw an increase of 145% in cyber incidents in November 2020, East Asia witnessed a 137% increase, Latin America (112%), Europe (67%), and North America (37%).

Though one can continue to expect novel cyberattacks like Ransomware-as-a-Service and DDoS (Distributed Denial of Services) trying to compromise enterprise information, malicious actors will also continue to use time-tested techniques to exploit gaps in the defenses of organizations.

Healthcare organizations should focus on information protection and continue implementing the best cybersecurity practices. These practices include segmenting the network, whitelisting websites and apps, patching the vulnerabilities, and understanding the dangers posed by third-party services that do not adhere to the stringent cybersecurity norms.

Besides, education is of paramount importance. Employees must be aware of the various cyber threats and their implications. Healthcare organizations should also concentrate on beefing up their cybersecurity posture by installing robust anti-phishing and anti-malware solutions.

Compliance measures such as HIPAA, PCI DSS, etc. adopted to address government regulations can also help to alleviate information security risk. Organizations must consider adding offline backup methods and enhance the security and frequency of their online strategies. GoldSky Security can help organizations protect their valuable information assets and insulate themselves from emerging threats.

Final Words

While 2020 has earned the notorious distinction of being the worst period in history for healthcare, 2021 does not appear to have a rosy future either, with medical services and research organizations continuing to become targets for cyberattacks. The year 2020 has indeed been a trying year for the healthcare industry with threats of all sorts. As the industry foresees a turbulent 2021, adopting a robust cybersecurity service that can help your organization tackle these ever-evolving threats has become a necessity to strengthen the overall security posture, thereby managing the risks most efficiently.