Connect with us

Hi, what are you looking for?


Meeting the healthcare sector’s unique cybersecurity challenges

In 2020, more large healthcare data breaches were reported than in any other year, according to a recent report by IntSights, a Rapid7 company.

By Paul Prudhomme
Head of Threat Intelligence Advisory, IntSights, a Rapid7 company

In August 2021, as many citizens in Manila looked to get vaccinated against Covid-19, the city’s vaccination website was attacked by hackers 133 times.

The city’s mayor later told news outlets that “troll farms” were possibly behind the hit on the vaccination registration site, seeking to deny real users from using it.

The attacks were not the only cyber threats facing the Philippines’ healthcare sector during the pandemic, as it tried to help citizens navigate the crisis.

Earlier, in November 2020, a software tool that healthcare workers in the Philippines used to share data about Covid-19 cases was found to contain multiple flaws that could potentially expose patient data.

Researchers at a laboratory at the University of Toronto discovered vulnerabilities in the Covid-Kaya platform’s Web and Android apps that allowed unauthorized users to access private data about the platform’s users, according to cybersecurity news website Threatpost.

Advertisement. Scroll to continue reading.

These incidents are reminders of the need to manage cybersecurity risks as healthcare providers digitalize rapidly to improve patient care and meet the urgent demands of a pandemic.

The Philippines is certainly not alone here. In the Italian city of Lazio, cyber attackers managed to disable the Covid-19 vaccination booking system last year, preventing citizens from getting their vaccination appointments for days.

Hackers likely believed this would pressure the Italian authorities to pay up the ransom to unlock the systems they had disrupted through a cyberattack.

Unsurprisingly, during the pandemic, cyber attackers have sought to exploit the confusion and fear of citizens and government agencies, hoping to cash in as victims often became desperate in life-and-death situations.

In 2020, more large healthcare data breaches were reported than in any other year, according to a recent report by IntSights, a Rapid7 company.

In addition, 2021 saw five consecutive months (March through July) in which industry data breaches have been reported at a rate of two or more per day.

While cybersecurity is a threat to all organizations, healthcare providers face some unique challenges, particularly during the pandemic.

Advertisement. Scroll to continue reading.

For starters, the personal details in protected health information (PHI) are useful for criminal groups that wish to commit identity and insurance fraud.

Once data such as social security numbers of medical records are leaked on underground criminal forums on the Dark Web, they can be reused and exploited repeatedly.

While it is true that the healthcare sector is highly regulated in terms of security and data protection, this can sometimes work against organizations in the sector.

For instance, cyber attackers may count on victims in the healthcare sector to pay up a ransom because they would otherwise incur a hefty fine from government regulators for losing patient data.

This could give them additional leverage compared to, say, a victim in another sector that does not have the same stringent regulatory oversight.

Another unique feature of the healthcare sector is the medical devices that are connected to a network all the time.

IntSight’s study in the United States found that some healthcare providers had not been updating their devices with the latest firmware because they were worried this might void the approval already received from the Food and Drug Administration.

Advertisement. Scroll to continue reading.

Although the authorities only ask that significant modifications be sent for approval, some providers become “over compliant” and end up not updating the software on their devices.

As a result, these devices could be left in a vulnerable state for years – many of them run for a decade or more – and act as a perpetually open door for cyber attackers to enter.

There is yet another worrying thing for the healthcare sector. Despite the value of highly personalized data that can be stolen here, the price of unauthorized access to a healthcare organization is relatively low among criminals.

The lowest price in a data sample that IntSights obtained, from monitoring underground criminal networks, was just US$240, for access to a Colombian healthcare organization.

This could be because of a perception that it is relatively easy to steal data from a healthcare organization or simply that there is an oversupply of such information.

These findings from IntSight’s global study offer valuable lessons for Southeast Asian healthcare organizations, particularly on how to reduce their risk and improve their security posture.

Here are four important steps:

Advertisement. Scroll to continue reading.
  1. Establish priorities: Find and address the most critical vulnerabilities first, then identify which assets are most likely to be targeted
  2. Integrate cyber threat intelligence: Discover threats before they arrive at your doorstep, then tailor defenses against them.
  3. Build robust ransomware defense: Use offline backups and strong encryption; avoid the temptation to pay off a ransomware gang.
  4. Balance usability and cybersecurity: Use multi-factor authentication on a mobile app and limit remote access to a bare minimum, for example, to reduce risk.

Increasingly, cyber criminals are seeking more effective ways to pressure their victims to cough up ransoms. Besides stealing and locking up precious data, they also extort victims by threatening to expose sensitive data.

For healthcare organizations, the key to overcoming such new cybersecurity challenges is first understanding the unique risks that the sector faces and trying to keep a step ahead. Constant vigilance has to be the norm.


Like Us On Facebook

You May Also Like


The world has seen some high-profile incidents where cybercriminals took advantage of the weaknesses of ICT vendors, and used them as attack launch pads...


BlueNoroff is part of the larger Lazarus group and uses their diversified structure and sophisticated attack technologies. The Lazarus APT group is known for...


Cybercriminals can target a variety of industries, from airlines, hospitals, government websites, banks, telecom companies, universities, e-commerce, and even social media giants through different...


In the 2021 vendor benchmark, Kaspersky garnered the highest satisfaction ratings from its partners in the region in terms of commitment (97.8%), overall ease...


Sophos explains how attackers attempt to bypass security controls by using a combination of Windows Safe Mode and the AnyDesk remote administration tool. Windows...


Amid all the excitement and innovation surrounding human augmentation – particularly the growing use of bionic devices aiming to replace or augment parts of...


Tor2Mine is a Monero-miner that has been active for at least two years. 


Through its #makeITsafePH campaign, Globe continuously rolls out the Digital Thumbprint Program (DTP), containing materials on cybersecurity and safety for consumers and businesses across...