Ransomware Attacks: A Growing Threat to the Healthcare Sector

Over the past few years, ransomware attacks on the healthcare sector have escalated drastically, transforming into a critical threat. Such an attack against the University of Vermont Medical Center cost the hospital about $65 million and disrupted key operations for over a month. The severity of this issue is exemplified by the guilty plea of cybercriminal Penchukov for his role in the IcedID attacks. Cyberattacks against the healthcare industry have surged, leading to considerations for stricter cybersecurity requirements and resources to enhance protection.

The rising number of ransomware attacks has led to a substantial increase in large data breaches reported to the Office for Civil Rights. From 2018 to 2022, the number of reported breaches increased by 278%, posing serious safety threats by disrupting hospital operations and delaying patient care.

Increased Vulnerability of Hospitals to Ransomware Attacks

Experts have been issuing warnings about the growing risk of ransomware attacks on hospitals in the United States. The expansion of online technology usage in healthcare has broadened the digital attack surface, making hospitals a lucrative target for internet thieves. The average ransom paid out to these criminals has skyrocketed, reaching $1.5 million in 2020. The FBI reported 46 and 25 cyberattacks on hospitals in 2020 and 2019, respectively, showing an alarming increase. As cyber threats grow, the Department of Health and Human Services is considering new cybersecurity requirements and rules for hospitals to fortify their defenses.

Implications of Cyberattacks on Hospitals and Patient Care

Being a victim of a cyberattack is a costly affair. It can take hospitals’ networks offline for weeks or even months. Other cyberattacks, such as Business Email Compromise (BEC), have also been on the rise since the onset of the COVID-19 pandemic. The disruption caused by these attacks can have severe implications for patient care and hospital operations. In some instances, hospitals have been forced to divert patients and postpone surgeries. An attack can affect everything from patient care to payroll, and recovery can take months.

Governmental Steps Towards Enhanced Cybersecurity

The US Government Accountability Office (GAO) recently issued recommendations to HHS regarding its oversight of ransomware practices across the sector. The report assessed four federal agencies, including HHS, to evaluate each agency’s efforts to oversee the sector’s adoption of leading cybersecurity practices. The Department of Health and Human Services is considering new cybersecurity requirements tied to hospitals’ Medicaid and Medicare funding. It is also rewriting the HIPAA rules to include new provisions that address cybersecurity.

Case Study: The University of Vermont Medical Center

A Ukrainian man, Vyacheslav Igorevich Penchukov, pleaded guilty to a ransomware attack on the University of Vermont Medical Center (UVM) Health Network in 2020. The attack resulted in a $30 million loss and disruptions to patient care for over two weeks. Penchukov, the leader of two malware groups, had been involved in cybercriminal activities for almost a decade. The attack used IcedID, a sophisticated form of malicious software, to collect and transmit personal information and gain access to infected computers for other forms of malware, including ransomware.

The UVM case is a stark reminder of the growing threat posed by cyberattacks to healthcare organizations. Recent trends show that 88% of healthcare organizations have been targeted by cyberattacks, experiencing an average of 40 attacks in the past 12 months. These attacks lead to disruptions in patient care and significant financial losses, emphasizing the urgent need for robust cybersecurity measures in the healthcare sector.


National Cyber Security