Health Sector Under Threat from Ransomware

The COVID-19 pandemic has increased our reliance on technology, opening new opportunities for cyber criminals – with the health sector a prime target.

From late last year, already struggling hospitals were plunged into even more chaos by a wave of ransomware attacks on their systems. Cyber security company Check Point observed a 45% increase in attacks targeted at the health sector, including ransomware, botnets and DDoS attacks; compared to other sectors, this is more than double the increase. These targeted attacks on the healthcare sector are no coincidence, as the pressure of a global pandemic makes payment of the ransom much more likely, as patients’ lives may be on the line. In the US in October last year, healthcare was the most targeted sector by ransomware, with the month seeing a 71% increase in ransomware attacks on hospitals. This is a worldwide phenomenon, too. In Singapore, there was a 133% increase in ransomware attacks against the healthcare industry in Q3 compared to Q1, and Germany and Belgium saw a 200% increase in the same period.

In 2021, as COVID-19 vaccination programmes begin to roll out across the world, the huge logistical challenges mean ransomware poses an even bigger threat. Many involved in the global supply chain have never really had to think about cyber security before, and the threat of ransomware will create new pressures. According to IBM, the international vaccine supply chain has already been targeted by cyber criminals, with one campaign aimed at the delivery “cold chain” used to keep vaccines stored at the correct temperature while they are being transported. IBM have stated that phishing emails – a common way of getting ransomware to infect systems – were sent out targeting organisations linked to Gavi, the international vaccine alliance.

The biggest cyber threat to the healthcare sector going forward, though, is ransomware. Security firm Positive Technologies have said that half of cyber-attacks on the healthcare sector were ransomware in Q3 of 2020. A bigger threat in the US due to hospitals being perceived as richer than NHS hospitals in the UK, six American hospitals received ransom demands of at least $1m within a 24 hour period in October, leading to widespread disruption. In the UK, steps have been taken to avoid a ransomware attack on the scale of the crippling WannaCry attack back in 2017, which affected NHS trusts and GP surgeries across the UK. But a growing concern is that the rapid digitisation of medical services accelerated by the pandemic could result in security becoming lax. According to Check Point, the Ryuk ransomware is the top threat to the health sector, and it’s unlikely the rise in ransomware attacks in 2020 is going to slow down in 2021. Healthcare organisations should keep systems up to date, monitor networks for unauthorised access, and educating employees so they don’t fall victim to phishing attempts.