The healthcare sector is already facing the challenges posed by the COVID-19 global pandemic, however, the ongoing rampant cyberattacks are making it more difficult to handle the situation. Recently, espionage attacks on COVID-19 research and intellectual property have increased.
Recent Cyberattacks
Alleged Russian hackers behind the SolarWinds breach apparently infiltrated systems of the Agency for Healthcare Administration in Florida. The agency runs the state’s Medicaid program and other agencies. Besides, several other healthcare organizations have faced the wrath of cyberattacks.
Recently, the U.S. Justice Department seized two internet domains purporting to belong to Moderna and Regeneron developing treatments for the coronavirus, however in reality, it was a scam to steal visitors’ information.
Two weeks ago, a new Magecart skimmer was placed on multiple e-commerce sites, including websites for the popular hair treatment firm Bosley and the Chicago Architecture Center (CAC). In addition, ransomware operators attacked two diagnostic laboratories located in Virginia and New York. These two targeted laboratories are Taylor Made Diagnostics (TMD) and Apex Laboratory Inc.
Moderna Inc. was alerted by the European Medicines Agency about some documents being accessed in a cyberattack, related to pre-submission talks of its COVID-19 vaccine candidates.
Ransomware Threats
One of the major threats the healthcare sector is facing at present is ransomware attacks. In the last two months, several healthcare agencies were targeted, including Riverside Community Care, Leon Medical Center, Albertville Hospital, ESM Inc., US Fertility, Four Winds Hospitals, and Sonoma Valley Hospital.
The prominent ransomware families in these attacks include Conti, REvil, King Engine, and Mount Locker. In addition, the most affected regions were North America and Western Europe.
Conclusion
The healthcare sector is facing a barrage of cyberattacks and is expected to continue to be a target in the near future, as well. Thus, experts suggest educating healthcare staff, restricting access to data and applications, logging and monitoring, encrypting sensitive data, and implementing data usage controls.