Wednesday, 31 March 2021 14:38

Warning: COVID-19 ‘fertile ground’ for cybersecurity attackers to ‘take advantage’ of healthcare organisations Featured

0
Shares
By

COVID-19 provided fertile ground for attackers to sow confusion and take advantage of healthcare organisations on the front lines, according to global cybersecurity company Varonis.

Varonis says that from hospitals triaging patients around the clock to pharmaceutical companies developing advanced vaccines, cybercriminal groups have targeted entities and systems under massive stress.

According to a research report from Varonis, the recent attacks against the healthcare and biotech sector demonstrate maliciousness on an unprecedented scale and while their methods vary, the attackers’ is the same - to grab sensitive data to steal, sell, or extort.

According to Varonis, in 2020, cybercriminals unleashed potent variants of ransomware like Maze and Ryuk on hundreds of hospitals and state-sponsored actors zeroed in on pharma and biotech companies to harvest COVID-19 research.

“Insider threats continued to tax the healthcare sector, while simple human errors left vulnerable information exposed — posing additional risk in a year like no other. 2020 also marked the first year that a patient’s death has been directly linked to a cyberattack,” the Varonis reort notes.

“Hospitals, biotech firms and pharma companies are entrusted to protect sensitive information — from personal patient data to valuable proprietary research– which makes them a prized target for skilled adversaries looking to steal, sell, or extort sensitive data.

“As the saying goes, hackers only need to be right once. One successful phishing email can set off a ransomware chain reaction that encrypts every file it touches. A single insider with unrestricted access to file shares can copy, change, or delete thousands or even millions of documents.”

Varonis says that to “shine a light on data security in the life sciences space”, Varonis developed the 

The research examines the state of data security – on-premises, cloud, and hybrid environments – for healthcare organisations including hospitals, biotech and pharmaceutical firms, and Varonis analysed a random sample of 3 billion files across 58 healthcare organisations – to determine how data in the industry is exposed and at risk.

Varonis says the report aims to help healthcare and biotech organisations better understand their cybersecurity vulnerabilities in the face of increasing threats and provides insight into how healthcare companies can mitigate future risk.

Varonis says healthcare sectors have their work cut out for them and its research found that on average, every employee within an organisation can access one out of every five files - and this overexposed data, in tandem with an increased number of attacks exhibiting new levels of sophistication, makes healthcare one of the most at-risk sectors in 2021.

Key findings of the Varonis research include:

- 1 in 5 files are open to every employee in healthcare organisations, on average. This increases to 1 in 4 when examining small and mid-sized organisations.

- 31,000 sensitive files (HIPAA + financial + proprietary research) are open to everyone, on average.

- Over 50% of organisations have more than 1,000 sensitive files open to every employee, on average

- 77% of organisations have 500+ accounts with passwords that never expire

- Every healthcare employee has access to over 11 million files overall — all it takes it one account to be compromised to let a hacker in

Varonis says that organisation-wide exposure of personal health information (PHI) and intellectual property represents an existential risk.

“Compared to financial services companies, the average healthcare and biotech organisation has about 75% less data. While healthcare entities have fewer files, they have a greater number of files open to every employee. Attackers that successfully compromise one authorised device could land and expand throughout the organisation or encrypt massive amounts of data with ransomware,” Varonis said.

“More than half of hospitals, pharmaceutical companies, and biotech firms have over 1,000 sensitive files exposed to every employee. One-third of the organisations evaluated have over 10,000 files open to every employee. Enforcing least privilege is a basic step every organisation can take to protect data from theft and misuse while ensuring compliance with regulations.”

“Ghost users — user and service accounts that are inactive but still enabled — give hackers an easy way to move through an organisations’ file structures undetected. Hackers often exploit this weakness to steal data or disrupt critical systems," notes Varonis.

“Varonis data analysis reveals that the healthcare sector falls well below average when finding and fixing this vulnerability.

"Seventy seven (77%) of the companies we surveyed have 501 or more accounts with passwords that never expire, while 79% have more than 1,000 ghost users still enabled.”

Varonis says it discovered that smaller organisations in particular have a “shocking amount” of exposed data, including sensitive files, intellectual property and patient records.

“On their first day, new employees at small companies have instant access to over 11,000 exposed files, and nearly half of them contain sensitive data. This creates a massive attack surface and increases the risk of noncompliance in the event of a data breach,” Varonis says.

“Larger organisations tended to have the most problems in their permissions structures, increasing the risk of data breaches stemming from cyberattacks.

“When data is overexposed and underprotected, organisations can quickly lose control as employees copy, share, delete or change even the most sensitive information. Unprotected information is an easy target for cybercriminals who only need to compromise one end user to gain a foothold into healthcare environments.”

According to Varonis, if 2020 portends what the future holds, cyberattacks targeting the healthcare sector will only worsen.

“While medical professionals made COVID-19 vaccination breakthroughs at an astounding rate, confirmed data breaches also increased by a staggering 58% as bad actors targeted vaccine research and high-priority intellectual property,” Varonis notes.

“Cyberattacks were also more sophisticated than anything in years prior. Examples include a global intrusion campaign that trojanised SolarWinds Orion business software updates to distribute a new type of malware called SUNBURST. This attack still has wide-ranging consequences and continues to affect government, consulting, technology, telecom entities.

“To get in front of increasingly malicious and sophisticated cyberattacks, hospitals, pharmaceutical companies, and biotechs need to double down on maturing incident response procedures and mitigation efforts.

“Enforcing least privilege, locking down sensitive data, and restricting lateral movement in their environments are the absolute bare minimum precautionary measures that healthcare organisations need to take,” Varonis concluded.


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Published in Security
Tagged under
Peter Dinham

Peter Dinham - an iTWire treasure is a mentor and coach who volunteers also a writer and much valued founding partner of iTWire. He is a veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).

Latest from Peter Dinham

Related items

More in this category: « Claims of AFP investigation into Nine attack appear to be overblown
Share News tips for the iTWire Journalists? Your tip will be anonymous
back to top