Cybercriminals Take Advantage of Healthcare’s Importance
Cybercriminals consistently focus on high-value targets for their attacks. As the healthcare industry grew increasingly critical and visible in the midst of the COVID-19 pandemic, cybercriminals targeted it with a variety of different goals.
During the COVID-19 pandemic, hospital capacity has been a critical concern. In some areas, any degradation in a hospital’s ability to operate could have resulted in loss of life if other nearby hospitals could not pick up the slack.
Cybercriminals took advantage of this increased importance of healthcare by making it one of the primary targets of ransomware attacks. Ransomware’s success is based upon the probability that the target organization both has the resources required to pay the ransom and that the encrypted resources are important enough to be worth paying up. Especially during the COVID-19 pandemic, the healthcare industry ticks both of these boxes.
Medical records are some of the most complete sources of personal information about a person. These records contain general personal data (name, address, social security number, etc.) and payment card data (for medical bills). This makes them a major target of cybercriminals and some of the most expensive personal data for sale on the Dark Web.
With the COVID-19 pandemic, healthcare organizations’ focus is on patient care, not cybersecurity. Additionally, these organizations have been forced to become increasingly reliant digital service offerings such as telehealth platforms and electronics health records.
As a result, healthcare data is increasingly accessible from the public Internet and its protection is not a current focus of healthcare organizations or their patients. Cybercriminals have taken advantage of this with an increase in healthcare-focused malware attacks, the discovery of new telehealth software vulnerabilities, and phishing emails designed to steal patients’ sensitive data.
During pandemics and other healthcare crises, like COVID-19 or the H1N1 epidemic, interest in the healthcare sector skyrockets. During COVID-19, the average person’s knowledge of vaccination and epidemiology increased as people searched for updates regarding the status of the COVID-19 vaccine and pandemic and how to protect themselves.
Cybercriminals take advantage of this type of increased public interest via phishing attacks. Whether a pandemic or the latest Olympics, people are more likely to open emails associated with current events. As a result, the number of COVID-19 related phishing emails – sent to both the general public and healthcare organizations in particular – rose dramatically in 2020.