The cybersecurity landscape has seen a significant rise in attacks against healthcare organizations, with a 45% increase reported since November 2020, coinciding with a global surge in COVID-19 cases. A recent report from Check Point Research indicates that the healthcare sector has become the primary target for cybercriminals, overshadowing a global average increase of 22% in cyberattacks across all industries during the same timeframe.
In November, the healthcare sector experienced an alarming average of 626 cyberattacks per organization weekly, up from 430 in October. Attack methods varied widely and included ransomware, botnets, remote code execution, and distributed denial-of-service (DDoS) attacks. The alarming trend of ransomware has seen major criminal groups employ variants such as Ryuk and Sodinokibi, effectively escalating their efforts against healthcare facilities.
Omer Dembinsky, Check Point’s data intelligence manager, emphasized the evolution in ransomware tactics, noting that targeted and tailored attacks have replaced broad spam campaigns. This shift enables attackers to focus on critical organizational components, thereby increasing the likelihood of ransom payment. Central Europe witnessed the most significant rise in attacks, with a 145% increase recorded in November, followed by East Asia and Latin America with increases of 137% and 112%, respectively.
These developments align with a joint advisory issued in October by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Department of Health and Human Services (HHS), which warned of an imminent cyber threat specifically aimed at U.S. hospitals and healthcare providers. The advisory highlighted the use of malware such as TrickBot and BazarLoader, leading to ransomware infections, data breaches, and disruptions in healthcare services.
Additionally, state-sponsored cyber actors have intensified their attacks against organizations involved in COVID-19 vaccine distribution, further complicating the cybersecurity landscape. Notably, several pharmaceutical companies, including Dr. Reddy’s Laboratories, faced ransomware incursions amidst vaccine development efforts, showcasing the growing nexus between global health initiatives and cybersecurity risks.
This surge in ransomware incidents can be attributed to the ongoing pandemic, with hospitals often in urgent need to regain access to critical systems swiftly. Such circumstances make institutions more amenable to demands for payment, as highlighted by a recent case where the University of California paid $1.14 million in bitcoin following a NetWalker attack.
According to researchers, medical services and research entities are increasingly becoming focal points for cybercriminal activities aimed at stealing sensitive organizational data or debilitating essential operations. In light of the pandemic, it is crucial for both organizations and individuals to uphold strong cyber-hygiene practices as cybercriminals exploit widespread vulnerabilities associated with the crisis.
In summary, as the pandemic continues to dominate global attention, cybercriminals are likely to persist in their strategies that exploit this focus for illicit gains, underscoring the importance of robust cybersecurity measures. Understanding tactics outlined in the MITRE ATT&CK framework, such as initial access, persistence, and privilege escalation, can help organizations better prepare for potential threats and safeguard against evolving risks.
