Wave of Cyberattacks Hits Health Care

Covid19 has hit hospitals and other health care institutions particularly hard, infecting workers, drastically reducing revenue and tearing into security defenses and exposing patient data as cyberattackers expose vulnerabilities while attention is diverted elsewhere. The rollout of telehealth systems opened up a new front in the battle for data security. Weeks after the World Health Organization declared a pandemic last March, the organization itself was reporting a five-fold increase in cyber-attacks on its own systems. In the United States, the U.S. Health and Human Services Department was hit by a DDoS assault. By May, the Cyber Security and Infrastructure Security Agency (CISA) was advising healthcare staff to change passwords and implement two-factor authentication due to a surge in password spraying attacks. According to one cybersecurity specialist, “Healthcare data carries an extraordinarily high value on the black market, typically worth 10 to 40 times more than a credit card number. Transferring such valuable information over unencrypted technologies, as now temporarily permitted, creates a situation ripe for hacking. Hackers can simply insert themselves in the unsecured communication, take the information they desire, and proceed to sell the information to perform various types of healthcare fraud or identity theft.”