Kaspersky Security Bulletin

Cybersecurity of connected healthcare 2020: Overview and predictions

More than two years after the infamous Wannacry ransomware crippled medical facilities and other organizations worldwide, the healthcare sector seems to be learning its lesson, as the number of attacked medical devices – doctors’ computers, medical servers and equipment – in 2019 decreased globally.

Our statistics showed that from 30% of computers and devices in medical organizations being infected in 2017, this number dropped to 28% in 2018, and we detect almost a third less attacks for the current year (19%).

As much as we want to believe everybody has woken up to the dangers of attacks like Wannacry, we still witnessed a number of ransomware attacks against healthcare facilities in several countries. There are two key reasons for such cyberattacks: a lack of attention to the risks of digitalization and a lack of cybersecurity awareness among staff at medical facilities.

Our conclusions about the human factor in cybersecurity are drawn from survey results. Kaspersky conducted a survey among healthcare sector employees in the US and Canada that revealed nearly a third of all respondents (32%) had never received any cybersecurity training from their workplace.

One-in-10 employees in management positions also admitted that they were unaware of a cybersecurity policy in their organization.

Another serious issue is the lack of proper security standards implemented in medical IoT devices. Throughout the year security researchers identified a number of vulnerabilities in different medical equipment. Hopefully, drawing attention to this subject will make manufacturers collaborate with the security community and contribute more to the creation of a safer environment in the world of smart medicine.

Forecast 2020

  • Interest in medical records on the dark web will grow. From our research into underground forums we see that such records are sometimes even more expensive than credit card information. It also opens up potentially new methods of fraud: armed with someone’s medical details it’s easier to scam the patient or his/her relatives.
  • Access to internal patient info makes it possible not only to steal but to modify records. This can lead to targeted attacks on individuals in order to mess up diagnostics. Diagnostic mistakes are the number one reason for patient deaths in the medical field according to statistics (even ahead of poorly qualified medical personnel).
  • The number of attacks on medical facility devices in countries that are just starting the digitalization process in the field of medical services will grow significantly next year. We expect to see the emergence of targeted ransomware attacks against hospitals in developing countries. Medical institutions are turning into industrial infrastructures. Loss of access to internal data (e.g. digital patient records) or internal resources (e.g. connected medical equipment inside a hospital) can halt patient diagnostics and even disrupt emergency aid.
  • Growing numbers of targeted attacks against medical research institutes and pharmaceutical companies conducting innovative research. Medical research is extremely expensive and some APT groups that are specialized in intellectual property theft will attack such institutions more frequently in 2020.
  • Thankfully, we’ve never seen attacks on implanted medical devices (e.g. neuro-stimulators) in the wild. But the fact that there are numerous security vulnerabilities in such devices means that it’s just a matter of time. The creation of centralized networks of wearable and implanted medical devices (as in the case of cardio stimulators) will lead to the emergence of a new threat: a single point of entry to attack all the patients using such devices.

Cybersecurity of connected healthcare 2020: Overview and predictions

Your email address will not be published. Required fields are marked *

 

Reports

LuminousMoth APT: Sweeping attacks for the chosen few

We recently came across unusual APT activity that was detected in high volumes, albeit most likely aimed at a few targets of interest. Further analysis revealed that the actor, which we dubbed LuminousMoth, shows an affinity to the HoneyMyte group, otherwise known as Mustang Panda.

WildPressure targets the macOS platform

We found new malware samples used in WildPressure campaigns: newer version of the C++ Milum Trojan, a corresponding VBScript variant with the same version number, and a Python script working on both Windows and macOS.

Ferocious Kitten: 6 years of covert surveillance in Iran

Ferocious Kitten is an APT group that has been targeting Persian-speaking individuals in Iran. Some of the TTPs used by this threat actor are reminiscent of other groups, such as Domestic Kitten and Rampant Kitten. In this report we aim to provide more details on these findings.

Andariel evolves to target South Korea with ransomware

In April 2021, we observed a suspicious Word document with a Korean file name and decoy. It revealed a novel infection scheme and an unfamiliar payload. After a deep analysis, we came to a conclusion: the Andariel group was behind these attacks.

Subscribe to our weekly e-mails

The hottest research right in your inbox