Check Point Research reports a 45% increase in cyber attacks on healthcare organizations worldwide in the past two months, making the healthcare sector the most targeted by cybercriminals.
According to the researchers, hospitals are very attractive targets because they are more willing to meet ransom demands, under the overwhelming pressure of the growth of Covid-19 cases and the push for vaccination programs. The healthcare sector has experienced an average increase in attacks of 45%, practically double the average increase of cyber attacks in all other industrial sectors.
The average number of weekly attacks in the healthcare sector reached 626 per organization in November, compared with 430 on average in the previous months. The waves of cyberattacks on the health sector occurred mainly in Central Europe, followed by East Asia, Latin America, Europe, and North America.
As for specific countries, Canada experienced the most dramatic increase with an increase of over 250% in attacks, followed by Germany with a 220% increase. Spain has seen ransomware attacks practically double in the healthcare sector. Italy is in fourth place with an 81% increase in attacks.
Identify the areas at risk: Adopt good security practice by reviewing the current health status of the network. Healthcare managers and administrators are required to know the location of the most important company databases, limit access to staff, and keep track of who is trying to identify weaknesses. Some team members may not need full access to files and folders to perform their tasks, and doctors can put in place low-cost process controls to prevent miscellaneous errors that can compromise the organization’s cybersecurity.
Use anti-ransomware solutions – Although ransomware attacks are sophisticated, remediation-enabled anti-ransomware solutions are effective tools that allow organizations to get back to normal operations in minutes if an infection occurs.
Introduce regular checks: A strategy should be developed to limit the number of attacks or data breaches, rather than restoring the functionality of a security system after they have occurred. Company contacts must be aware of the processes of transmitting, deleting, or publishing personal and control data to avoid that a small mistake made by an employee turns into a violation. By planning a strategy and periodic check-ups on the security of fixed and mobile networks, the managers of healthcare institutions can define a standard to measure their performance against controls.
As healthcare companies are becoming more and more interconnected, a plan is needed to address the state of mobile phone and network security before any attack occurs.