During the COVID-19 pandemic, the healthcare industry is even more of a critical asset than it is normally. With so little known about COVID-19 and the large pool of potential victims (i.e. the entire global population), healthcare facilities are vital to preventing fatalities. Similarly, medical research and development labs are necessary for the efforts to create a vaccine, test it, and mass-produce it to vaccinate the general population.
Despite the vital role that the healthcare industry plays at this time, healthcare organizations have been targeted by numerous cyberattacks. These range from Distributed Denial of Service (DDoS) attacks to ransomware to attempted data theft. As a result, healthcare organizations, more than ever, must deploy defensive cybersecurity solutions, such as DDoS protection.
Healthcare Targeted During COVID-19 Response Efforts
In the best of times, healthcare organizations have weak cybersecurity. A number of factors contribute to this, including the growing use of Internet of Things (IoT) devices in healthcare and a failure to properly secure repositories of sensitive patient data that are digitized in compliance with HIPAA and HITECH.
This generally weak security makes healthcare a common target of cybercriminals, but during the COVID-19 pandemic, targeting of healthcare with cyberattacks has only increased. INTERPOL has warned member states that it has detected a rise in cyberattacks targeting healthcare providers. Cybercriminals have also targeted organizations like the US Department of Health and Human Services (HHS) with DDoS attacks.
The reason for this spike in healthcare-focused attacks is believed to be the cybercriminals' desire to maximize their profits during the global COVID-19 crisis. During the pandemic, healthcare providers are stretched to the breaking point attempting to provide necessary care, making them easier for cybercriminals to trick, and the number of patient records being processed by these organizations has grown suddenly, making security oversights more common and impactful.
However, direct cyberattacks are not the only source of strain upon these organizations related to COVID-19. During the pandemic, COVID-19 has become a favorite pretext of cybercriminals performing phishing attacks against organizations and individuals. These attacks often imitate the World Health Organization (WHO) or the Centers for Disease Control (CDC) and pretend to provide useful advice. As a result, these organizations must take extra steps to warn people about these attacks and deal with the confusion caused by them.
Cybercriminals Say No More
The importance of healthcare organizations in dealing with the COVID-19 pandemic has not been overlooked by cybercriminals. In fact, many cybercrime groups publicly declared early in the crisis that they would cease attacks against healthcare providers until the crisis was over.
In some cases, these groups followed through with this promise. For example, one cybercrime group operating ransomware offered free decryption keys for any healthcare organization accidentally affected by their malware. While this does help these organizations recover quickly from the accidental attacks, it does not completely remove their impact, as restoring systems can be expensive. Additionally, in many cases, organizations lose data when restoring files encrypted by ransomware due to flaws in the decryption software.
But Many of Them Didn't Mean It
While some cybercrime organizations have made a "good faith" effort to stand by their word to leave healthcare providers alone during COVID-19, many have not. The Maze ransomware group was one of the most visible cybercrime groups to agree not to target healthcare organizations. However, they also rapidly broke that promise with an attack against Hammersmith Medicines Research.
Hammersmith Medicines Research is a UK-based medical testing lab standing by to test a possible COVID-19 vaccine when it becomes available (they previously participated in testing of the Ebola vaccine). While they are not involved in the development of the various vaccine candidates, they must be standing by and prepared to begin testing when one is ready in order to minimize the time until a vaccine is available (and the fatalities associated with COVID-19).
Hammersmith Medicines Research was attacked by the Maze ransomware and elected not to pay the ransom. As a result, their systems were offline for a significant period of time, potentially delaying testing of the COVID-19 vaccine.
To make things worse, Maze is one of the ransomware variants whose operators have begun posting or selling stolen data online to incentivize their victims to pay the demanded ransom. They have already published some of their stolen data, demonstrating that they had no intention of abiding by their "hands off" policy toward medical organizations during the COVID-19 crisis.
The medical lab declared that they had no intention of paying the ransom, even if the cybercriminals forced them out of business. This is in line with acknowledged best practice, since paying the Maze group would only enable them to attack additional targets.
Protecting Against Cybercrime In a Time of Crisis
COVID-19 is a global crisis, and many organizations have banded together to ensure that critical services, such as healthcare, remain operating at this time. While ransomware authors and other cybercriminals may have made promises not to target healthcare during this crisis, the lure of potential profit is often too strong.
During COVID-19, and any crisis, cybercriminals tend to target critical services, reasoning that desperation will make them more likely to pay up. This makes it even more vital for these organizations to have defenses in place to protect themselves against attack, decreasing the strain on security staff forced to detect and remediate successful attacks. With the COVID-19 pandemic unlikely to stop any time soon, deploying security solutions such as DDoS protection and anti-ransomware solutions is a good strategic investment.