As if the health care industry wasn’t dealing with enough stress and disruption right now, it’s also getting hammered with cyberattacks such as spear phishing and ransomware. Our new study found an alarming 83 per cent of Hong Kong health care organisations had already had at least one cybersecurity scare since shifting to
a remote working model during the pandemic and 67 per cent of them said their employees reported an increase in email phishing attacks.
It is not surprising that cybercriminals are targeting health care organisations, which are critical to our physical well-being and economic sustainability and recovery throughout
the Covid-19 pandemic. Although some criminal groups have promised to avoid targeting health care organisations during the Covid-19 crisis, most are still willing to attack. The World Health Organization has also reported a fivefold increase in cyberattacks in April directed at its staff and email scams targeting the public at large.
The worldwide response to Covid-19 has criminals trying harder to get into networks. Any information on a
possible cure or vaccine would be of great interest to private buyers and other governments. Research labs, testing facilities, hospitals and the WHO are just some of the targets we’ve seen so far.
The health care industry has been a favourite target for years because criminals have multiple ways to monetise the attack, and disruption of IT services can slow operations to a fatal pace. Criminals are betting that a ransom will be paid, especially during emergencies when normal operations require greater urgency.
Exposure of protected or personal health information (PHI) and electronic health records (EHR) can be devastating to organisations and individuals. Criminals who exfiltrate data from the organisation can then threaten to publish it if a ransom is not paid.
PHI and EHR are valuable to other criminals and can be sold for a higher price than a credit card or social security number. Criminals can also keep these records for their own identity-theft schemes.
