Healthcare Cyber Report

Healthcare cyber-crime has increased an estimated 600% since the Pandemic began. Not only has COVID-19 created patient outbreaks in our hospital system, but it has also led to an increase in sophisticated phishing emails strategies and malware distribution across our Canadian healthcare system. While phishing attacks are not the only method of breaching healthcare infrastructure, it is undoubtedly one of the easiest ways to get access. Providing comprehensive cyber security training for employees and proactively addressing potential security issues using healthcare penetration testing to protect against the most common exploits being faced by the hospital industry.

How Pandemic has Impacted Cyber Crime & Health Organizations in Canada

With cyber-crime on the rise in Canada, small and medium-sized businesses are often used as entry points for more significant attacks across business networks. According to a Canadian Security magazine survey, over 99% of respondents said attack volume has increased during the past 12 months of COVID-19. With web application attacks and OS vulnerabilities being the leading cause of breaches, third-party application attacks were also noted as a threat to Canadian security. Over 86% of respondents said attacks have become more sophisticated, with 100% sharing that their company suffered a security breach in the last 12 months. The average organization experienced 1.1 breaches during the 12-month period.Most concerning is that Canadian companies said they are using an average of 9 different cyber security technologies to manage their defence program.

Ransomware & Healthcare

Ransomware is a type of malware that encrypts the infected device, attached devices or networked drives. Once the malware has encrypted the files, they become unusable without the decryption key. This is when attackers demand a ransom before releasing the devices from their grip. Typically payment requests take place over non-traditional currencies such as Bitcoin, where any transactions are anonymous and irreversible. Hospitals vulnerable to ransomware may have critical services disrupted that can impact surgeries, life support and trauma departments.Unfortunately, many of these ransoms are paid by hospital management because hospitals cannot afford the downtime, loss of information or disruption in critical care infrastructure. Cyber-attacks are usually targeting private information, medical history and other sensitive patient records. With the rapid adoption of IT in hospital infrastructure, many security considerations have been overlooked. Therefore it is essential to have cyber security protocols and controls reviewed and tested regularly.

Confidential Data Leaks

Patient Information & Data Breaches in the USA Foreign hackers attacking healthcare systems is not new. In 2015 a cyber-attack in the US gave hackers 78.8 million patient records, including names, social security numbers, home addresses and dates of birth. As patient data becomes increasingly valuable during security breaches, cybercriminals seek out databases ripe with personal information to supply the next phase of complex identity theft schemes to undermine the government. This information is then repurposed to obtain medical services, medications or fraudulently receive government benefits like Medicare. With an increasing amount of IoT devices being used across healthcare, from wearable location trackers to life-supporting devices such as pacemakers, the risks for security gaps increase as new patient technology becomes integrated within the healthcare service industry. With new data breaches happening across the USA every day, the healthcare industry in Canada faces similar threats to foreign cyber-attacks.

LifeLabs Breach in Canada

One of Canada’s most famous hospital and healthcare cyberattack cases is the October 2020 Lifelabs breach, where over 85,000 Ontario residents had their medical test results stolen by hackers. Considered one of Canada’s largest providers for medical lab diagnostic services, LifeLabs hosted medical testing data for almost half of the country’s total population, about 15 million Canadians. Their clinics perform over 112 million laboratory tests to help diagnose, treat, monitor and prevent health problems across Canada. The cyberattack quickly prompted the CEO of Lifelabs, Charles Brown, to call the incident “a wake-up call for the industry.”Ultimately the LifeLabs management decided to pay the ransom and decrypt the files on their servers for an undisclosed amount. We recommend saving the hassle and potential lawsuits by implementing by working with a security partner to ensure your controls are tested regularly to prevent the growing risks of future Ransomware attacks.

It can be overwhelming for a business to know how to detect, prioritize and fix vulnerabilities on their own. The safest option is to entrust the services of a professional cybersecurity company that can help create a customized vulnerability management tool. Cycura can equip your team to fight back against the cyber invaders starting with an enterprise vulnerability assessment. 

Do you have more questions related to security vulnerabilities in technology? See if our Penetration Testing services are right for you.