The number of hacker attacks on medical facilities in 2020 increased by 91%, according to Positive Technologies (PT). Attacks on healthcare organizations accounted for 9% of all incidents in 2020, overtaking the traditionally leading financial industry (7% in 2020). In medicine, cybercriminals primarily hunted for data from hospitals, but attacks on vaccine developers, laboratories, pharmaceutical companies and related businesses have also been reported.
In 66% of cases, attackers used social engineering methods like phishing emails to gain access to computer networks of medical facilities, according to PT. Cybercriminals used direct hacking in 21% of cases. In the rest of the cases, the attackers either picked credentials for authorization or exploited web vulnerabilities, according to PT.
“The most common pattern of hacker behavior is getting a ransom for decrypting data. For medical institutions, equipment failures are critical, so the chances of getting the required amount are quite high, ”said Ekaterina Kilyusheva.
Also, medical institutions are of interest to hunters for patient data. Hackers can sell them on the darknet to other criminals or demand a separate ransom from the hospital for nondisclosure, the specialist said. When a celebrity is hacked among the clients, the star can also be blackmailed, added Ekaterina Kilyusheva.
“Some clinics provide clients with the ability to pay for services online. In this case, attackers may try to steal payment data, ”the expert said.