31 January 2022

The dangers of connected healthcare

Technology

The sector’s vulnerability to cyberattacks, scams and data leaks will only continue to grow in 2022.


Despite the best efforts of medical institutions and information security companies, the healthcare industry remains insufficiently protected and vulnerable to cyberattacks.

This time last year, we forecast a significant increase in the number and size of medical data leaks, and a report by Constella Intelligence found this to be true. In fact, the number of leaks grew one-and-a-half times compared with the previous year.

Several factors contributed to this. First, the digitalisation of healthcare has significantly increased over the past couple of years and thus, because there was more data to leak, the volume of such leaks grew. Second, cybercriminals had already started paying more attention to this sphere and they certainly did not lose interest in 2021. They actively continued to use the medical theme as bait and, as a result, their victims were frequently medical professionals.

The beginning of the mass vaccination campaign also led to many fraudulent scams last year. After the first vaccines appeared on the internet – and especially on dark web forums – an active vaccine trade began online, a trade where no one could verify the authenticity of the vaccines being sold. Nevertheless, such scammers found buyers who wished to obtain the vaccines as quickly as possible, and soon offers for fake vaccine certificates and various QR codes appeared.

Also, ransomware groups continued to attack medical organisations in 2021. In September, research found attacks of this kind led to an increase in patient mortality, delayed test results and a delay in providing treatment and discharging patients from hospital. The story of a death caused by a ransomware attack on a medical institution caught the media’s attention. An infant in a US hospital died because the hospital could not provide sufficient treatment since the computers were frozen as a result of a ransomware attack.

So what is in store for the sector in 2022?

Based on these trends and incidents we researched over the previous 12 months, here are Kaspersky’s predictions:

  • Telemedicine will continue to actively develop, and cybercriminals will have the opportunity to find security holes in a whole slew of new applications from programmers who have never created such products before. What’s more, it is likely that malicious fakes of telehealth apps will appear in app stores – counterfeits that copy the “true” application and promise the same functionality.
  • The demand for fake digital medical documents will increase, as will the supply. The more privileges that are given to those with a covid passport, the more people there will be who are interested in buying fake documents.
  • The sensitivity of the medical data found in leaks will grow. The data contained in medical records is, by itself, very sensitive. However, the digitalisation possibilities for medical equipment are growing, and providers are more frequently using wearable devices or even sensors implanted in the human body that collect even more sensitive data – and data that’s not necessarily of a medical nature. These devices may, for example, give details about a person’s movements.
  • The medical sector will forever be used as bait in the schemes of cybercriminals. A letter spoofed as an important “medical” notification can be just as successful in “catching” victims as fake messages from banks, especially when people are eager and worried about test results or messages from doctors.
  • While mass training of medical personnel is required, such training is at this point not expected to be conducted. The growth in the number of data leaks and ransomware attacks on medical organisations makes clear that, among other things, there is a lack of awareness on the part of healthcare employees about information security. That is despite seven in 10 healthcare workers we surveyed for the Kaspersky Healthcare report saying their organisation had an IT security awareness training program in place. Continuous training is required – if it is not provided, the data leaks and ransomware attacks described above will only continue to grow.

Physical health is fundamental, but digital health and security are also key for the industry. As with health, it isn’t good enough to be reactive to potential issues that could prove dangerous – be proactive and shield yourselves and your patients from cyber risks.

Some steps you can take include ensuring all devices that have access to the practice or organisation’s network are protected – from smartphones and tablets to medical equipment.

Endpoints are the main target for cyberattacks, so protecting these and running regular software updates can help eliminate opportunities for cybercriminals to find a security hole.

Weak passwords also provide cybercriminals with a prime opportunity to steal sensitive data, so ensure passwords are strong and that multifactor authentication is in place across the board. Lastly, ensure that colleagues and employees are aware of cyber risks and have a clear idea of the cybersecurity measures in place at your workplace.

Noushin Shabab is a senior security researcher in the global research & analysis team at Kaspersky Australia & New Zealand