Healthcare Data on Dark Web: How Threat Actors Exploit Covid-19

The arrival of the COVID-19 pandemic has created several unprecedented circumstances that have completely changed the way the world works. However, as we stepped into 2021, even the situation with the pandemic has entered a new stage. Vaccination drives are being carried out around the globe and cyber criminals have thoroughly exploited this opportunity to get hold of confidential healthcare data for selling and trading on the Dark Web.

The healthcare sector has been a prime target for threat actors ever since the beginning of the pandemic. Whether it’s in the form of ransomware attacks on hospitals or data breaches targeting Covid vaccine manufacturing firms, the healthcare sector has been at the receiving end of many disruptive cyber attacks.

Reuters reported that Covid-19 vaccine data was stolen from the drugmakers Pfizer and BioNTech. In another news article, it was revealed that Chinese hackers targeted Indian Covid vaccine makers Bharat Biotech and Serum Institute of India. 

After months of terrorizing the healthcare industry, cyber criminals have also shifted their focus towards the individuals accessing the Covid vaccines. Personal data of these individuals is being sold on the Dark Web. With the expansion of the Covid vaccine rollout, more data will be available for cyber attackers to sell and trade. 

An article published by HIPAA Journal in January 2021 mentioned that healthcare institutions reported 616 data breaches of 500 or more records in 2020. Furthermore, this article also revealed that 28,756,445 healthcare records were exposed.

Source – HIPAA Journal

Another finding by IBM suggests that the data breaches in the healthcare sector are the costliest, as they cost $7.13M on average.

 

Challenges Faced by the Healthcare Industry

The Healthcare industry faces a plethora of cyber security challenges, such as-

  1. Ransomware – The healthcare industry faces a big risk in the form of ransomware attacks. Threat actors have used this attack vector to target hospitals and have succeeded in extorting a huge ransom after blocking access to or shutting down their critical equipment. Recently, two French hospitals had to shut down patient operations after being hit by a ransomware attack.

     

     

  2. Threats originating from the cloud– As there has been an increase in the information stored by healthcare institutions on the cloud, it has opened up an opportunity for cyber attackers to fetch information.

     

  3. Phishing Attacks – Phishing attacks intended to harvest credentials and other sensitive information is a very potent threat faced by healthcare institutions. According to Security Magazine, in November 2020, a US hospital in the state of Iowa was hit by a phishing attack that resulted in the exposure of personal data of around 60,473 individuals.

Proactivity Against Cyber Attacks

“Education is an important part of the security leader’s role. I often share the idea with our clinicians that security plays an important role in the overall patient care – both from an information protection and safety side”

-Stephen Dunkle
 CISO (GEISINGER)
 (Source – HIMSS)

The Healthcare industry has to be proactive in dealing with potential cyber threats. Here are a few measures healthcare institutions can take to prevent cyber attacks-

  1. Use software with updated security patches – Organizations in the healthcare industry can reduce their weak spots by using updated software. Updated software is difficult to exploit for threat actors.

     

  2. Conduct periodic VAPT – Conducting Vulnerability Assessment and Penetration Testing can identify the vulnerabilities in the organization’s IT infrastructure. It can help you in fixing the exploitable weaknesses.

     

  3. Use Multi-Factor Authentication (MFA) – MFA is essential to ensure that an account isn’t compromised even if cyber criminals somehow obtain the credentials.

     

  4. Make employees cyber aware – Cyber security awareness among employees can be really helpful in stopping the attempted cyber attacks right at the start. A cyber-aware employee will confirm twice before clicking on a link or submitting any information to an untrusted source. Security awareness tools like ThreatCop can help in generating cyber security awareness among your organization’s employees.

     

     

So, what else, according to you, can be done to prevent data leakages from organizations, especially the ones belonging to the healthcare sector?

Turn Your Employees Into A Cyber Threat Shield

Make your employees proactive against prevailing cyber attacks with ThreatCop!

Leave a Reply

Your email address will not be published. Required fields are marked *