The mounting threat of COVID-19 has placed the healthcare system of many nations under a huge amount of pressure, and cybercriminals could be exploiting this to spread viruses - but instead of biological ones, these are computer viruses.
According to a study by US-based cyber insurance start-up Corvus, cybercriminals are increasingly turning to the health sector for targets. In January 2020, four healthcare entities reported attacks – the most in any quarter since 2017. Corvus predicted a rapid increase of 12 for the full quarter. In 2019, healthcare entities were targeted for a ransomware attack more than 24 times, and it seems that the frequency is only going to continue increasing.
Phishing is the most common method used in order to gain entry into healthcare entities’ systems, accounting for 91% of cases, according to the study.
“We know that phishing is the most common attack vector for ransomware and other malware attacks,” Mike Karbassi (pictured), head of cyber underwriting at Corvus, told Corporate Risk and Insurance. “With the accelerating outbreak of coronavirus, criminals hope to leverage the confusion and desire for official information to make their favored tactic even more effective. Security researchers have uncovered examples of phishing emails purporting to be from the Centers for Disease Control and the World Health Organization, attempting to get victims to download a PDF or click a link that supposedly contains important information about the virus.”
Additionally, many healthcare entities’ cyber defences are inadequate, the study found. While better than the average, over 75% of hospitals do not use email scanning and filtering tools, according to Corvus. Furthermore, individual health practitioners, such as physicians or dentists, are far less likely to use email authentication - they are 14% less likely than average to use this basic form of cyber defense.
Data showed that use of such tools can reduce attacks by 33% the likelihood of being a victim of a ransomware event. Hospitals are also six times more likely to be internally hosted compared to other healthcare institutions – this places responsibility for maintaining security in-house.
The COVID-19 outbreak has also made it a must for many workers to begin working from home. According to Karbassi, working remotely presents another opportunity for cybercriminals to gain entry into vital networks.
“Businesses also need to consider the security risk involved with remote work,” he said. “Attackers will seek any soft spots they can find, and businesses rushing to implement a fully-scaled remote work infrastructure, like a VPN or remote desktop environment, could cut corners. Like any part of the IT ‘stack’, these technologies can be complex to set up and roll out to individual users with proper training.”
Karbassi mentioned several technical aspects that risk and IT managers must take into consideration.
“Will a company rushing to equip its workforce properly configure its VPN to replicate the security of its in-office perimeter network?” he asked. “Will its employees find ‘shadow IT’ workarounds because of the difficulty of using certain systems, giving criminals an easy opportunity to access sensitive data?
“Consider also how a worker outside of the office could expose data in a more physical sense, like revealing passwords to someone looking over their shoulder at a coffee shop or divulging information verbally while on the phone when they think they are alone. These factors all exist today for any business that has employees on the road traveling, but you can multiply the risk in a fully-remote scenario.”
Want to learn more about the issues shaping the cyber insurance market in the US? Make sure you sign-up for our new - and completely free - virtual event, Broker Connect taking place on June 09.