Ransomware attacks on the healthcare industry continue at the same frequency as before COVID‑19, despite recent promises by some hacker groups to avoid targeting the industry during the current crisis.
According to incident response firm Coveware, ‘there has been no abatement, empathy or free decryptor granted by cybercriminals’. This claim is echoed by security firm Emsisoft, which notes that attacks continue on companies across the medical supply chain, including research labs, medical device manufacturers and logistics companies.
But according to Microsoft, there has not been a surge in malicious attacks more broadly. Hackers have largely repurposed existing infrastructure to create COVID‑19 themed attacks seizing on larger fears and uncertainty in the public sphere.
It was never realistic to expect the threat from hackers to be reduced due to the COVID‑19 outbreak. While some individual groups may be avoiding targeting healthcare targets for the time being, others continue on as before. Healthcare as an industry continues to be a soft target for threat actors—ranked at the bottom of our cyber governance industry rankings. As a result of the full embrace of technology in the operations of healthcare providers, the financial impact of ransomware attacks can be especially damaging.
The reasons for the poor performance are borne out of business strategies widely adopted in the industry. Though healthcare is in no way unique in its embrace of these strategies, the sector has been a posterchild for them:
- Accelerated growth via M&A, leading to increasingly complex and more difficult-to-manage networks that exponentially increase the number of vulnerabilities.
- Accelerated third-party outsourcing. The corporate drive for greater efficiency and cost savings has created additional supply chain vulnerabilities most companies haven’t considered when making strategy decisions about outsourcing. Increased reliance on IoT.
These factors remain unchanged through the current crisis and unfortunately some of these issues could even be exacerbated as strains on the physical infrastructure of hospitals impacts their digital infrastructure.
Though hospitals are rightly focused on the things needed to treat the deluge of coronavirus patients coming through their doors and help keep frontline workers safe, it is especially important for providers to also keep cyber in focus to reduce the risk of further operational shocks caused by ransomware.