Hospitals and health care department are working day and night to help people come out of the pandemic. Since the arrival of Covid-19, hospitals got filled up with patients and the working hours extended. The servers and the networks got busy and working all the day. This increased the possibility of cyber-attack against hospitals. When the hospital staffs were busy risking their lives to save the lives of people, cyber hackers were searching for vulnerabilities to lurk into the systems and to leak informations of the patients, staffs etc.
The pandemic has raised a serious challenge against the healthcare sectors worldwide. Along with the pressure of dealing with increasing Covid patients, today they also have to manage the extended spike in the cyber-attacks. When the staffs are busy in the work, they do not have time to ensure the cyber security for the systems. They cannot keep a record of which employee is accessing which system. It is practically impossible in this time. Most of the hospitals do not have a cyber-security team to prevent such attacks from happening.
As per the reports, from November 2020 the cyber-attacks against health care sectors have escalated by 45%. This is a serious issue which should be addressed and solved. People with a little humanity will not perform such malicious activities in this situation. When the health workers are putting their efforts to save a life, here people are taking advantage of them to loot them. What a perfect world! The hackers see this as an opportunity to seek out large number of victims with more profitable outcomes.
The major techniques the hackers use to exploit hospitals are ransomware attacks, botnets, remote code execution and Distributed Denial of Service attacks. In majority of the case, the threat actors deploy ransomware attacks, because the hospitals always end up paying the ransom as they cannot shut down their systems or loose sensitive data in a situation like this. Cyber groups are also active in performing supply chain attacks based on the online underworld. When they leak personal information, they sell most of them in public platforms or dark net.
The security researchers have found millions of medical data containing medical databases, emails, login credentials and passwords in the dark web. As per the information received, the hackers are planning to execute more complex attack by combining resources and intelligence against hospitals. They are combining the supply chain attacks to a cyber-attack machine which could perform more devastating attack.
As a part of the mission to protect healthcare sectors, one of the cyber security researchers posted a need for health care database in an online forum. Within minutes he got a reply offering database in return for crypto currencies. This openly exposes the threat against hospitals data and their easy availability. It is high time hospitals establish a stable cyber security to protect the patient’s data. They should also have regular check-up of their cloud configuration as well as the controls.
Best practices the hospitals should follow to prevent cyber attacks
Spread awareness among the employees
It is the responsibility of each and every employee in the hospitals to make sure than no security controls and compliance policies are bypassed. If the healthcare workers are busy the institution must appoint cyber security experts to take care of them. They should conduct regular analysis about the vulnerabilities and the phishing emails & attachments. This helps to fortify the network
Increase patching practices and encryption activities
Systems and softwares which are not updated can have vulnerabilities and are easy to exploit. The maintenance of these softwares should be done timely and install the new version of the software. Follow the default preventive steps like changing the passwords and enforcement of out-of-the-box security protocols.
Have a regular monitoring on the risky remote connections
Hospitals mainly use two types of connections, Remote Desktop Protocol (RDP) and Virtual Private Network (VPN). While using these types of connection, the users should enable advanced security settings so that only limited number of people can have the access of the system. Similarly, the network traffic should also be monitored to avoid troubles.
Have authentic cyber security software
Cyber security is the only way to prevent malicious happenings. Every hospital should install safe cyber security software which can take up the responsibility of protecting the sensitive information as well as detecting the presence of any threats in the system and the network.