What’s next for healthcare cybersecurity in 2021?
The year 2020 saw the highest increase in cyberattacks registered by a single sector ever. The health-care industry in the second quarter of the year saw a 63 percent rise (from the previous quarter) in sophisticated attacks while Q3 saw a 39 percent increase. Put together, this has set the warning bells ringing across CERT teams and cybersecurity vendors trying hard to stop these cyberattacks from derailing the ongoing fight against the Covid-19 pandemic.
The mode of attack
In over 79 percent of the attacks, healthcare service providers were kept away from critical data including patient records, device calibration information and administrative documentation. Such data was held to ransom to put psychological stress on these healthcare institutions (many of whom had frontline Covid-19 healthcare workers) to pay off steep ransom to free their data. This cycle has repeated innumerable times this year.
The hackers also exposed several weaknesses in the way healthcare institutions approach cybersecurity:
- Use of unpatched and outdated software that is well past its prime as well as untested collaborative platforms
- Less than secure data storage practices
- Lax attention to cybersecurity
- Lack of a proactive and complete outlook towards cybersecurity
- Lack of employee sensitization on cybersecurity threats
As many as 42 percent of healthcare institutions we spoke to this year had experienced some form of breach due to a cyberattack. Majority of them (71 percent) paid the ransom quietly and got their data back. The others did not respond to questions on what happened after the cyber-attack citing confidentiality reasons.
“Hackers view healthcare institutions as easy targets for a cyberattack because of prevailing practices and pre-existing vulnerabilities that have been around for years, if not decades. This is also one of the sectors where the time taken to monetize a cyberattack is the shortest. Together these two factors have contributed immensely in turning healthcare into one of the most vulnerable sectors out there. In many ways, the cybersecurity journey of many healthcare providers is just starting,” said Kiran Zachariah, VP Digital Security at Subex.
Looking ahead
The volume of cyberattacks is not expected to decrease in 2021. But we are expecting healthcare service providers to mount a strong challenge to hackers and to move away from being easy targets for malware developers and other adversarial entities. We are expecting attacks on R&D institutions to rise significantly as hackers shift their attention to the results Covid-19 vaccines are getting from real-world trials. Such attention will extend to other areas witnessing frenzied R&D efforts.
Healthcare institutions need to ramp up their cybersecurity efforts and increase the distance between them and hackers. Wasting hackers’ machinations through deception and by deploying solutions that detect and contain attacks early is one option to consider.
Subex is here to help
Subex Secure is a suite of solutions that includes Subex Secure Edgetech, Subex Secure Threat Intelligence and Subex Secure Security Operations Center services. Our OT and IoT security solution Subex Secure is agentless, non-intrusive, and built for discovery, detection, mitigation, and protection. It can passively and actively discover devices and their vulnerabilities and contain threats and prevent lateral movement through rapid digital detention. It can be deployed to scale and in a staggered and proactively flags threats and vulnerabilities through a 3-step filter process.
We can help you improve your cybersecurity posture so that you can focus your energy and attention towards fighting Covid-19 and other healthcare challenges out there. Connect with natalie.smith@subex.com to learn more.
