The healthcare sector has long been a target of cyber attackers interested in stealing cutting-edge research or patient data that can be on-sold. But today’s cyber criminals are becoming more destructive and dangerous – and healthcare is in their crosshairs more than ever.

In Australia, we are seeing financially motivated cybercriminals pivot towards so-called ‘data theft extortion’ attacks. They steal information – like patient records or photographs – and threaten to expose it unless a ransom is paid. Sometimes they also deploy ‘ransomware’, malware that locks up data or systems to disrupt or completely shut down the victim’s business operations. Both kinds of cyber extortion can be thought of as a modern-day protection racket, with victims coerced into paying criminals who cause or threaten harm.

Increased targeting of elective surgery and medical businesses by cyber extortionists

The impact and frequency of cyber extortion attacks on healthcare organisations have increased exponentially in 2021. In fact, nearly 15% of cyber extortion attacks we observed in Australia this year targeted the sector. Affected clinics were left unable to provide urgent medical care in the midst of a global pandemic. These incidents earned widespread media attention and prompted police to take action against some of the culprits.

The effect of this publicity has been bittersweet. While attacks on hospitals and urgent medical care facilities have decreased, attacks on profitable healthcare businesses offering elective services have increased. Cosmetic surgeries are seen as ‘guilt-free’ targets for criminals and are judged as able to afford ransom payments. They also hold highly sensitive information about their patients – catnip to enterprising cyber criminals.

Protecting against cyber extortion attacks

There is no ‘silver bullet’ hardware or software that will eliminate the risk of cyber extortion. But there are things you can do to minimise the risk of a successful attack and to protect your business, reputation and your patients’ privacy if you have been hacked.

  1. Have a plan

Not just any plan, but a business continuity plan that you can refer to when a cyber incident occurs. This will help you work through the incident efficiently and avoid improvisation that can lead to mistakes. At a minimum, the plan should:

  • Identify systems and data required to maintain critical business operations,
  • Cover how to restore critical systems, including in what order of priority
  • Specify alternative ways of working to keep operations running during an attack.

  2. Maintain up-to-date backups

You should maintain up-to-date backups of key data you will need to restore quickly. A good strategy will include:

  • Multiple backups in multiple locations, including at least one offline – redundancy is important because attackers often target backups
  • Regularly testing backups to ensure they will work if needed.

  3. Educate your people

Cyber attacks are often thought of as being caused by technological failure, but in fact it is often the human element that fails. Phishing emails continue to be the most common and effective attack vector we see. It’s paramount that you proactively educate your staff on what phishing is and why they should care. This can be done by:

  • Having an up-to-date education program – phishing lures frequently change and attackers keep coming up with new ways to sneak through security filters, making awareness of phishing trends vital
  • Using a phishing simulation service that educates staff on the purpose, characteristics and risks of phishing emails
  • Regular auditing to assess whether employees follow security standards, especially when working remotely
  • Creative ways to keep cyber hygiene on everyone’s mind, whether via regular awareness campaigns or company-wide alerts on recent relevant cyber attacks.

CyberCX offers end-to-end services including strategic consulting, security testing and training, world-class managed services and engineering solutions to manage your business’s cyber risk. For more information visit cybercx.com.au or call 1300 031 274.

Recent incidents

June 2021: Attackers breached a major plastic surgery clinic in Seoul, South Korea. They then contacted patients directly, threatening to release their personal information and demanding ransom payments in Bitcoin.

February 2021: In a press release on their dark web blog, prolific ransomware group Babuk singled out private plastic surgery clinics as organisations that they intend to target in future.

December 2020: The Hospital Group, the UK’s elite cosmetic surgery chain frequently visited by celebrities, was targeted in a ransomware attack by a criminal group called REvil. The attackers threatened to release stolen patient photographs unless a ransom was paid, stating that the “intimate photos of customers are not exactly a pleasant sight”.

May 2020: Now-defunct ransomware group Maze breached two plastic surgery clinics located in Washington and North Carolina. They leaked patients’ personal information on the internet after the clinics refused to pay the ransom.

Jana is a Senior Cyber Intelligence Analyst at CyberCX, Australia and New Zealand’s largest cyber services company. Jana specialises in cyber threats affecting the health and aged care sectors. Prior to joining CyberCX, she worked as a cyber intelligence analyst for pharmaceutical giant Merck and within multiple divisions at Amazon and NATO.