During the pandemic, cyberattacks on healthcare facilities and public health researchers have nearly doubled based on new data. The statistics gotten from cybersecurity firm Infosec and compiled from the US department of Health and Human services shows that there have been about 127 breaches of US hospitals and healthcare systems since February till May 18 of 2020.
With the data, it showed a big 50% increase from the 66 breaches during the same span of time back in the year 2019 and another cybersecurity firm, Bitdefender also noted a 60% increase in breaches from February to March of this year alone. The Red Cross says it has seen an increase in cyberattacks on health care facilities and hospitals since the start of the COVID-19 pandemic.
The Red Cross then released an open letter yesterday, first reported by Reuters, which was signed by 48 politicians and dignitaries from over the world calling for governments to protect healthcare systems and hospital from attacks.
“Over the past two months there has been one attack every three days on healthcare entities,” said Stéphane Duguin, Chief Executive Officer of the CyberPeace Institute, in a statement to Digital Trends. CyberPeace released the letter jointly with the Red Cross. “Today’s call is aimed not only at attacks but also for more robust state-sponsored response.”
In recent weeks, there were numerous cyberattacks on Czech Republic, France, Spain, Thailand, Australia and The United States and even world organizations such as the World Health Organization. The Red Cross also aaid that it “recorded more than 200 physical incidents of violence against health workers and facilities linked to COVID-19 across more than 13 countries since the beginning of the pandemic.” The HHS saw its own attack in March of this year, according to Bloomberg.
Health care systems have historically been easy targets for target as Verizon’s recent Data Breach Investigation Report, the health care industry reported the highest number of actual breaches in 2019 which is a total of 521 up from 304 back in the year 2018.
There had always been large number of high-value data like credit card and social security numbers, birthdates and addresses inside hospital’s vulnerable systems and so hospitals have not operated with high degree of cybersecurity and general security awareness training according to Infosec’s spokesperson. So in general hospitals and other medical institutions including research firms are considered very easy targets due to their lack of security awareness said Chris Kennedy who is the chief information security office of AttackIQ, another cybersecurity firm.
“You’ve got these legacy operating systems that are often very antiquated and internet capable, and that places them at a high risk of exploitation,” Kennedy told Digital Trends. “It’s a big deal to upgrade them, so they become the soft underbelly of an organization that gets attacked.”
In the past, hospitals have also paid out ransoms to get back crucial medical information that hackers have stolen.
“Think about the rules of war. There are bounds defined by the Geneva Convention that define the rules of war,” said Kennedy. “That doesn’t exist in cyberspace. Here we are in middle of global pandemic, it’s safe to assure there are state sponsored actors and terrorists thinking about ways they can induced further terror, as a way to capitalize on this opportunity.”