Connect with us


Cyber criminals targeting hospitals during COVID-19 pandemic

Avatar photo



Organised criminal groups will continue to target healthcare organisations with ransomware attacks as the pandemic worsens, cyber security experts have warned.

The warning comes after the Coombe Women and Infants University Hospital in Dublin, was forced to disconnect from the National Health Network following a ransomware attack on its IT systems on December 16.

The Health Service Executive (HSE) said the overnight attack impacted several systems at the Coombe, including radiology and some patients management systems, because they were connected to the national network.

Hugh McGauran, country manager for Ireland at Check Point Software said there was a 189 per cent rise in ransomware attacks in Ireland this year. He said hospitals are big targets because medical records fetch a high price on the dark web.

“Coombe Hospital is the latest victim in the surge of ransomware attacks we’ve experienced this year. Unfortunately, healthcare organisations are big targets for hackers all over the world and Ireland is no exception.

“The latest intelligence from our research team shows that healthcare is, in fact, the third most targeted sector in Ireland.

“And the latest ransomware data shows a huge 189 per cent rise in ransomware attacks in Ireland, compared to 2020, clearly this trend is not going away.

“Healthcare organisations are lucrative because they often hold mass volumes of personal data that can be used as leverage during acts of extortion. In this day and age, several million medical records will fetch a higher price on the dark web than a few thousand customers’ credit card details.”

This is the second attack on HSE this year. In May 2020 attackers threatened to release stolen patient information online.

A report into the attack, published by PwC, found that attackers were able to enter the system after a Microsoft Excel file attached to a phishing email was opened at an HSE workstation on March 18.

The ransomware was deployed on May 14 and the attackers said they would release the patient information online if the HSE did not pay the ransom, which the organisation said was not paid.

Brian Honan, CEO of cyber security firm BH Consulting, said the people who instigate these attacks are members of organised crime groups who would sell drugs to children or traffic people if it made them money quickly.

“Attackers will break into the systems, look around to see where the data is and then find the right target. They copy the information then they launch the attack which encrypts it.

“They will usually send two ransom demands, the first will be for the key to decrypt the data. The second will be threatening to publish the information.

“Recently, a mental health hospital in Finland was the victim of a ransomware attack. The criminals demanded money from the hospital then contacted each patient and threatened to publish their medical records.

“Everyone assumes these hackers are teens or young adults working out of their bedroom but they aren’t.

“The people behind these attacks are organised criminals. They are just as happy to sell drugs to kids or traffic people. They just want to make money and the quicker the better. They don’t care who they hurt.

“Most of them are based in former soviet countries that don’t have a positive view of western nations so their governments will turn a blind eye because the attacks are bringing money into the economy hurting the west.”

Honan said the gangs will continue to target hospitals and other facilities they as they know they are prioritising patient care over IT security.

“They have been targeting hospitals, COVID research facilities and vaccine centres because they know they have not invested in their IT security because their primary focus is patient care. So they will spend money on the patients before IT.

“Hospitals and medical facilities are very reliant on these systems so if they are unavailable they can’t function. That is their motivation to pay the ransom demands.  ”

He said the attacks will continue as the pandemic worsens and that those responsible for cyber security in healthcare facilities need to upgrade their systems and ensure they have a plan in place in case their system is breached.

“Staff need to be trained so they can spot suspicious emails and deal with them appropriately. There needs to be something in place so if someone clicks on a link attackers can’t get straight in.

“Those responsible for security should start now and plan how they would respond to a cyber attack and check that they have good backups so they can restore data.

“They need to have contingencies in place so they can carry on if the system goes down. They need to make sure staff have all the relevant forms available so they can revert back to pen and paper if they need to.”

Trending stories