With pandemic, industry has become a top target for cyberattacks
Israel is preparing to inaugurate a “cyber defense shield” for the country’s health care sector amid a spike in attacks since the beginning of the global COVID-19 epidemic.
Speaking to participants in an online conference hosted by the Cybertech B2B networking platform on Thursday, an Israeli Health Ministry official revealed that the new system – developed in coordination with the cybersecurity firm FireEye – would provide real-time protection from attacks.
“The goal is to raise the health care sector’s resilience,” Reuven Eliahu, chief technology officer and supervisor of the ministry’s health system security and cyber division, told participants. “The [defense shield] will be available for free to all health organizations in Israel.”
Eliahu said that since the novel coronavirus pandemic began, the ministry had recorded a “very significant increase” in attacks on health organizations, with hackers taking advantage of security holes that had arisen as a result of many employees working remotely.
“Our workers are at home, and it’s their home [systems] that are less protected,” he said. “We see more and more state-sponsored players who are working as spies. … Many are looking to get their hands on solutions to the virus.”
Moreover, Eliahu noted that the number of phishing attacks had risen by thousands of percentage points in recent weeks and that China, Russia and North Korea were among the state actors behind those targeting health bodies.
Eli Parnass is the regional vice president for Israel, Greece and Central and Eastern Europe at Fortinet, a California-based cybersecurity firm that works with enterprises, service providers and government organizations across the globe.
“In the last couple of weeks, health care has become one of the most targeted sectors around the world, with many cyber-criminals that are seeking to exploit the fragile situation that we’re in for their personal gain,” Parnass told The Media Line.
“Essentially, health care organizations are under constant cyberattack attempts ranging from targeted phishing and customized ransomware incidents to more common exploits such as malware and botnets,” he explained.
Ransomware is installed by cyber-criminals on a person’s or institution’s computer system before the hacker threatens to publish data or simply block access unless a ransom is paid.
According to Parnass, who also participated in Thursday’s conference, there are several factors motivating cyber-criminals to carry out these online offensives.
“Hospitals and other health care organizations possess a vast amount of data, including sensitive and confidential patient information,” he explained. “Therefore, these organizations are known to be targets for ransomware attacks, as they are more willing to pay to reclaim data. … Upon payment of the ransom, reclaimed data may be corrupted or missing, leading to a potential impact on patient safety. In this situation, cyber-criminals have a lot to gain, and hospitals? A lot to lose.”
Like Eliahu, Parnass warned that remote medicine – also referred to as telemedicine – offered many benefits but could also open the door for cyber-criminals to access the networks of health care organizations.
“The value of the data being transmitted between networks is what encourages cyber-criminals to target telemedicine practices,” he said, adding that patients using unsecured personal devices, messaging apps or video conferencing platforms were also at risk of having their medical data stolen.
Parnass recommends that organizations add multifactor authentication and validate credentials in order to ensure that private or sensitive information does not fall into the wrong hands. Moreover, IT teams should consider implementing a comprehensive endpoint solution “that provides integrated visibility, control and proactive defense while providing secure remote access with a built-in VPN [virtual private network],” among other things.
Hospitals especially are facing a broad range of cyber challenges during this period.
Prof. Yoram Weiss, director of Hadassah Medical Center at Ein Kerem in Jerusalem, told The Media Line that a growing number of hackers were trying to access electronic medical records and IT infrastructure.
“We are experiencing attacks on a regular basis, like many hospitals,” he revealed. “We’re putting a lot of emphasis on trying to safeguard Hadassah from these cyberattacks.”
According to Weiss, hackers are taking advantage of the fact that hospitals are under “enormous strain” as they grapple with the coronavirus.
“Many hospitals are trying to create new infrastructure for critical-care patients,” he explained. “As we add more electronic infrastructure, many times it is to monitor the patients from afar, and not from their bedside, but you always have to keep in mind the possibility that you are putting stuff on not entirely secure lines.”
Weiss notes that hospitals always weigh the risks and benefits of any new infrastructure because they understand that, if not properly secured, it could represent a safety risk for patients. One example is air conditioning systems, which, if infiltrated, could be used to spread the coronavirus among hospital wards.
“For this reason, it is key for managers to understand that they first need to keep security managers and cybersecurity [staff] in the loop when introducing new devices and infrastructure,” he stressed. “Hospital employees during this time are very strained and have a lot of workload, but it’s important to make them aware.”
Health organizations around the globe have suffered an onslaught of cyberattacks since the beginning of the pandemic.
This week, the UK’s National Cyber Security Center (NCSC), the US Department of Homeland Security (DHS) and the US Cybersecurity and Infrastructure Security Agency (CISA) warned of a coordinated attack on the health care sector. The advisory cautioned health care workers and those involved in medical research to create complex passwords and use two-factor authentication.
The warning further stressed that those involved in COVID-19-related medicine and research were especially at risk of being the target of malicious cyber activity, and called on health care organizations to boost their cyber defenses.
One of the main types of attacks being carried out, the advisory specified, was “password spraying,” a technique in which an attacker tries several commonly used passwords over a large number of accounts.
“This technique allows the attacker to remain undetected by avoiding rapid or frequent account lockouts,” the advisory said. “These attacks are successful because, for any given large set of users, there will likely be some with common passwords.”
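An added example, not part of the original article or the advisory: a short Python check over constructed login records showing why a per-account lockout counter stays quiet during the pattern the advisory describes, while counting distinct accounts failed per source address does flag it. The log format, user names, addresses and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

USERS = ["alice", "bob", "carol", "dave", "erin", "frank", "grace", "heidi"]

def build_sample_log():
    """Constructed auth log lines: 'timestamp source_ip username result'."""
    lines = []
    # Spray pattern: one guess per account, repeated 30 minutes later.
    for start in ("2020-05-07T09:00", "2020-05-07T09:30"):
        for i, user in enumerate(USERS):
            lines.append(f"{start}:{i * 5:02d} 203.0.113.7 {user} FAIL")
    # Benign pattern: one user mistypes three times, then logs in.
    for i, result in enumerate(("FAIL", "FAIL", "FAIL", "OK")):
        lines.append(f"2020-05-07T09:10:{i * 10:02d} 198.51.100.20 bob {result}")
    return lines

def parse(lines):
    events = []
    for line in lines:
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return sorted(events)

def peak(events, group_by, count_of, window):
    """Per group: most distinct `count_of` values among failures in any window."""
    groups = defaultdict(list)
    for n, (ts, ip, user, ok) in enumerate(events):
        if not ok:
            rec = {"ip": ip, "user": user, "event": n}
            groups[rec[group_by]].append((ts, rec[count_of]))
    result = {}
    for key, items in groups.items():
        best = start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1
            best = max(best, len({v for _, v in items[start:end + 1]}))
        result[key] = best
    return result

def locked_out_accounts(events, threshold=5, window=timedelta(minutes=15)):
    """Accounts an assumed per-account lockout policy would trip."""
    return sorted(u for u, n in peak(events, "user", "event", window).items() if n >= threshold)

def spraying_sources(events, min_accounts=5, window=timedelta(hours=1)):
    """Sources failing against many distinct accounts (assumed threshold)."""
    return sorted(ip for ip, n in peak(events, "ip", "user", window).items() if n >= min_accounts)
```

On the constructed data no account reaches the lockout threshold, yet one source address has failed logins against all eight accounts within the hour.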
Perhaps ironically, the Cybertech conference – which featured an array of top Israeli cybersecurity experts – was originally scheduled to take place on Wednesday but did not proceed as planned when the website crashed within minutes of the start.
“Due to a system overload and a technical issue that is being checked, many viewers were unable to connect to the conference broadcast,” a statement quickly sent out by the event organizers said.
Cybertech, however, told The Media Line that the conference had not been the target of an attack.