The dangers of “connected” healthcare: predictions for 2022
2021-11-23 19:00:26 Author: securelist.com

Kaspersky Security Bulletin

For a second consecutive year, the time for Kaspersky to make its predictions for the healthcare sector comes amid the global COVID-19 pandemic. Unfortunately, the virus still dominates most aspects of our lives, and, of course, the pandemic remained the biggest and most-discussed topic in medicine.

Some of our predictions last year were based on the assumption that the pandemic would continue for at least a few months into 2021 and, because this assumption turned out to be accurate, so did many of our predictions.

As we predicted, there was a significant increase in the number and size of medical data leaks. A 2021 report by Constella Intelligence found that the number of personal data leaks in healthcare grew by half when compared to 2019. Several factors contributed to that. First, the digitization of healthcare has significantly increased over these past couple of years, and thus, because there was more data to leak, the volume of these leaks increased. Second, cybercriminals had already started paying more attention to the industry, and they certainly lost none of their interest in 2021. As we predicted, they continued to use the medical theme as bait and, as a result, their victims were often medical professionals.

The beginning of the mass vaccination campaign also led to many scams. After the first vaccines appeared, a busy trade in them began online – especially on dark web forums – with no one being able to verify the authenticity of the vaccines being sold. Nevertheless, these scammers found buyers wishing to obtain vaccines as quickly as possible. Later, offers for fake vaccination certificates and various QR codes appeared, which were bought by users who wanted to evade the restrictions imposed on those who were unvaccinated.

Our prediction that hacking attacks against vaccine developers would ramp up did not come true. The main instances of these attacks occurred at the end of 2020. Most vaccines appeared on the market shortly afterwards and, by all appearances, it seemed as if it was no longer necessary or worthwhile to meddle in the process of their development or to steal confidential information.

Ransomware groups continued to attack medical organizations. In September, new research was published indicating that this type of attack has led to an increase in patient mortality, as well as delayed test results and delays in providing treatment and discharging patients from hospitals. In fact, in the fall, a story of a death caused, not in a statistical sense but rather directly, by a ransomware attack on a medical institution caught the media’s attention. As a result of a ransomware attack, an infant in a US hospital died after the doctors could not provide adequate treatment due to frozen computers. Unfortunately, despite the best efforts by medical institutions and information security companies, the healthcare industry remains insufficiently protected and vulnerable to attacks of this kind.

Predictions for the year 2022

  • Telemedicine will continue evolving. This means more applications for doctor consultations and patient health monitoring will appear, and cybercriminals will have the opportunity to discover security holes in a whole slew of new applications created by developers who have never made this kind of product before. What is more, malicious counterfeits of telehealth apps will most likely appear in app stores: fake apps that will imitate the real thing and promise to deliver the same functionality.
  • Demand for fake digital medical documents will increase, as will supply. The more privileges are given to those with a COVID passport, the more people will be interested in buying one instead of getting vaccinated or tested.
  • The sensitivity of the medical data found in leaks will grow. The data contained in medical records is, by itself, highly sensitive. However, digitization possibilities for medical equipment are growing, and providers are more frequently using wearable devices or even sensors implanted in the human body to collect even more sensitive data that is not necessarily of a medical nature. These devices may, for example, provide details of the person’s movements.
  • The medical theme will forever be a popular one for use as bait in cybercrime schemes. Since the beginning of the pandemic, an increasing number of medical services have moved online either partly or in full, so patients now watch for notifications about test results and messages from doctors. Therefore, a letter spoofed as an important “medical” notification can be just as successful in catching victims off guard as fake messages from banks.
  • The growth in the number of data leaks and ransomware attacks on medical organizations makes clear, among other things, a lack of information security awareness in healthcare employees. If the year 2022 does not see a wide-scale training process – and none is expected at the moment – we will witness a continued increase in attacks of this type.

Source: https://securelist.com/connected-healthcare-predictions-for-2022/104969/