Post-Pandemic: Top Cybersecurity Threats to Healthcare Security

How have cybersecurity threats changed during the pandemic? Last year started slowly in terms of cyberattacks, with fewer incidents reported in January than in previous years. Then, that all changed suddenly in February and March 2020 at the height of pandemic lockdowns. There was an unprecedented rise in hacking and malicious activity online during this time. Reports from businesses and cybersecurity experts continued to climb, reaching a three-fold spike in April compared to previous years.

Unfortunately, this is not a new trend. The number of data breaches has been steadily rising since 2010, setting a new record in 2019, explains the HIPAA Journal. In addition, in 2020, the number of cyberattacks on healthcare more than doubled! And now, in 2021, cyberattackers are expected to set another unwelcome record for patient data breaches.

Top Cybersecurity Concerns for Health Care in the Post-Pandemic Period

The majority of attacks at the onset of the COVID-19 pandemic fell into two broad categories: distributed denial of service (DDoS) attacks, mostly volumetric, and password login attempts in the form of brute force and credential stuffing attacks. In addition, there were also a larger number of reported malware attacks and web attacks than usual.

1. Attacks Targeting Telehealth

When a national emergency was declared last year, the HHS loosened the application of fines for HIPAA privacy violations to facilitate wider adoption of telemedicine for patients and data sharing as more healthcare professionals began working from home. In addition, as HIPAA relaxed regulations, many providers started conducting e-visits with unsecured internet connections at home.

The exact role of telehealth in data security breaches during the pandemic is unclear, but it’s certainly considered a runaway problem at this point. This is mainly because of the lack of comprehensive assessment and oversight of telemedicine’s data security landscape. Plus, reporting is hard to track, as often a period of time passes before victims understand that they were involved in an attack.

Some forms of attack have targeted internet-facing remote desktop environments, patient-facing mobile apps,  or vulnerabilities in data transmission, encryption, and authentication by telemedicine providers. Additionally, hackers have exploited vulnerabilities in endpoint security and security patches, FTP, and RDP protocols regularly used for remote connections.

Experts warn healthcare organizations to be aware that HIPAA relaxation isn’t absolute. Most HIPAA compliance provisions for privacy and confidentiality are still in effect, including the need for providers to secure network connections.

2. DDoS Attacks

Distributed denial of service attacks are dominating the pandemic cybersecurity challenges currently facing healthcare organizations. “Between January 2020 and March 2021, DDoS attacks increased by 55% and are becoming more complex, with 54% of incidents using multiple attack vectors,” according to F5 Application Threat Intelligence.

Volumetric DDoS attacks work by overwhelming network capacity with high volumes of malicious traffic. By using up the bandwidth of the targeted network or between the targeted network and the external internet, these attacks can cause real damage and cause an infrastructure to collapse.

Professional hackers often combine volumetric DDoS attacks with application-layer attacks and changing techniques. They do this to evade static mitigation tools and draw security teams’ attention away from the real goal, which is Trojan Horse network penetration. At that point, the malicious actors can install malware and steal valuable patient data or try to extort money.

DDoS attacks frequently target financial institutions and cloud service providers, but more hospitals and life science laboratories were the intended targets in this period than ever. During the pandemic, cybercriminals increasingly attempted to take advantage of vulnerabilities in healthcare organizations as they pivoted to remote work. Their attention was focused more on the emergency situation than on cybersecurity.

Successful DDoS attacks have disrupted remote workers employed by a group of hospitals, interrupted internet services used to treat patients, and inhibited research activities. Of course, these incidents were also costly to the healthcare organizations that had to restore service and mitigate the damages. These examples demonstrate the importance of proper security measures to prevent PHI breaches.

3. Ransomware

Hospitals and healthcare networks are under siege by ransomware—including several government agencies like the FBI, CISA, and the Department of Health. Since the beginning of the pandemic, they have warned of “an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers,” according to the National Cyber Awareness System.

While the healthcare industry was busy implementing the pandemic protocol and caring for critical patients, hackers were looking for ways to steal data and disrupt medical services. By October 2020, just six months into the pandemic, more than 24 hospital systems reported ransomware attacks. In the same period, researchers spotted more than 50,000 fake login pages for 200 well-known organizations.

Attackers are trying to distribute TrickBot and BazarLoader malware through sophisticated phishing campaigns. Healthcare is currently the biggest target for credential theft through email phishing, social engineering, and phony login pages. These fraudulent activities are highly successful in luring employees of healthcare entities or their third-party service providers to insert their username and password into a false login page embedded in an email or a phishing website. By checking a DMARC report, you can track and avoid these threats.

Healthcare organizations need to be vigilant against ransomware attacks and phishing because they are increasing even as the pandemic wanes. Plus, hackers are continuing to improve their techniques, making attempts even more challenging to detect. Some cyberattacks have even used zero font to bypass automated inbox security controls or posed as emails from entities like the CDC or a hospital’s technical support staff.

Learn about Atlantic.Net’s Fully Managed Malware Protection & HIPAA Compliant Cloud Services.

HIPAA Compliance & Cybersecurity Go Hand-in-Hand

Healthcare organizations shouldn’t have to face today’s threat landscape alone. However, partnering with cybersecurity professionals is the surest way to block attacks in the present and prepare for the threats on the horizon. I.S. Partners, LLC specializes in testing, certifying, and improving risk mitigation measures.

Read more about Rising IT Challenges in Healthcare as a Result of the Pandemic.