Targeting the healthcare industry became commonplace for hackers amid the pandemic
French President Emmanuel Macron has promised to invest €1 billion in national cybersecurity strategies after ransomware attacks hit the hospitals of Dax and Villefranche-sur-Saône this month. The organisations were forced to shut off both internet and phone connections to stop the malware from spreading, and turned to paper-based methods to carry on with their usual operations.
According to the French National Information Systems Security Agency (Anssi), ransomware attacks surged by 255% last year and were particularly aimed at the healthcare industry. Hackers targeted 27 French hospitals, as they’ve opened their systems to the outside world, in order to allow teleworking and teleconsulting during the course of the pandemic. In the most recent cases, ransomware affected patient records, surgical devices, medication management, appointments, as well as bed and doctor allocation. With the COVID-19 vaccine rolling out, fraudsters are also targeting people who want to skip the queue and get the jab from under the counter.
Cyberattacks against health care providers are not limited to France. In October 2020, the FBI together with the Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA), issued a warning about the imminent threat of ransomware attacks on American hospitals. After cybercriminals targeted a German hospital for ransom, patient care systems were disabled and one woman died during the transfer to another clinic.
Ransomware is a type of malicious software that spreads across computer networks, encrypting files and demanding payment for a key to decrypt them. It has become a common tactic for hackers, as it is one of the easiest ways to prosper from cybercrime. If the targeted organisation has no backup copies of compromised files, it will have to buy out the data in addition to the cost of the disruption itself.
“Sometimes hackers attack random victims who might have weaker security systems, but they also aim at those for whom the data is crucial: government agencies, medical institutions, or big law firms. When organisations have their files encrypted, they face a dilemma: secure the machine by removing malware or save the data, or pay the demanded ransom with no guarantee of obtaining an encryption key,” says Juta Gurinaviciute, the CTO at NordVPN Teams.
The malicious actors might employ well-known builds of malware familiar to white hat hackers, so the decryptors might be available online. However, this silver lining is very thin and organisations should implement the necessary digital protection measures.
Firstly, they can alleviate the damage by keeping backup copies on a separate device, which should be disconnected from the network or kept on a cloud drive. Although these copies won’t stop a ransomware attack, they can help to mitigate the cost.
Other provisions include regular software updates, safe surfing practices, learning about new threats, and using secure or private networks. If the organisation has been hit by malware, make sure to disconnect the infected machines and determine what has been compromised. In the case of medical records, additional reporting to officials will be also mandatory.
Despite the average ransom demand being $84.000, the companies and institutions that fell victim to this type of cyberattack face significant disruption costs. French officials estimate that it will take several weeks before the targeted hospitals of Dax and Villefranche-sur-Saône can return to normal operation.
Further information
