Not surprisingly, hospitals struggling to manage the flood of COVID-19 cases are more focused on coping with the daily influx of infected patients than securing their networks and connected assets. As a result, black hat hackers are seizing the opportunity to strike while leaders’ backs are turned or at least distracted.
In response, international crime-fighting organization Interpol has released a warning that these ruthless criminals are leveraging the chaos to their benefit.
The dispatch, which went out to police in its 194 member countries, reports that as healthcare organizations immerse themselves in the business of caring for coronavirus patients, cybercriminals are launching a growing number of attempted ransomware attacks. The attacks are targeting both standard hospital platforms and digital medical services as well as exploiting unsecured medical devices.
Experts speaking with Healthcare Dive also noted that the extent of entryways attackers can use was growing even before the virus hit.
Some of the attacks have been built around phishing emails purporting to offer virus-fighting advice from a government agency. If the users click on the attachment that comes with these messages or clicks on an included link, the attacker can enter the hospital network.
However, that’s just the tip of the iceberg. Caleb Barlow, CEO of cybersecurity consulting firm CynergisTek, noted that with the rapidly expanding use of telehealth and remote patient monitoring during the COVID-19 crisis, the attack surface available to malign hackers has grown dramatically. “It has accelerated to a level we wouldn’t have expected to see over a 10-year timeframe,” Barlow told the publication. “You’re never going to get that genie back in the bottle.”
Barlow said that while medical devices were already in use before the pandemic threat expanded, he worries more about new additions. “I’m not saying that [existing connected medical devices were highly secured but that was at least an existing, known set of vulnerabilities and challenges,” he said. “What I’m more concerned about are these temporary medical facilities and mass movements of equipment.”
That being said, invaders can harm the medical devices, according to Justin Fier, director of cyberintelligence and analytics at cybersecurity firm Darktrace. Fier, who spoke to HD, pointed out that existing devices can be bricked during a broad systemwide attack. This, in turn, could lead to the deployment of new devices subject to new and heightened risks.
What makes these threats particularly worrisome is that it’s unclear how long hospitals will have their hands full dealing with emergent patient care issues. Even if the U.S. virus spread rate slows down, which some observers say is starting to happen, it seems likely that the healthcare IT infrastructure in hospitals will remain in defensive mode for some time to come.