Pandemic Surge In Cyberattacks Pounds Hospitals

healthcare

The COVID-19 pandemic and the development of vaccines to combat the coronavirus have triggered an increase in cyberattacks on hospitals and healthcare agencies — and warnings about the dangers from the federal government.

“We are experiencing the most significant cybersecurity threat we’ve ever seen in the United States,” said Charles Carmakal, chief technical officer of the cybersecurity firm Mandiant, in a statement last fall.

Now, a new wave of hacking is again hitting as the healthcare system rolls out COVID-19 vaccines, The Wall Street Journal reported Tuesday (Feb. 2).

“The logs and the graphs show, oh, man, these have ramped up, it’s hard to deny that,” said Christopher Stroud, technology manager at Great Plains Health, a hospital based in North Platte, Neb. that serves around 183,000 patients a month. He told the Journal that Great Plains Health normally blocks around 10,000 attempts to access its servers daily.

But after the hospital began its first coronavirus antibody drug trials in November, it saw that number triple on average, he said. Some days, the number of attempted attacks has reached 70,000, he said.

Some of the culprits include ransomware gangs, financial scammers and hackers backed by nation-states. A former cybersecurity specialist in the U.S. Navy, Stroud told the Journal that he believes nation-state actors are behind some of the attacks against his Nebraska hospital.

COVID-19 times have brought new challenges for security and technology staff at hospitals. One huge change is that the number of employees working remotely from home has grown dramatically.

In addition, given the value of information on coronavirus treatments and vaccines, interest in attacks has grown. And the creation of vaccination and testing sites has expanded the number of targets for sophisticated criminals.

In fact, the U.S. Department of Health and Human Services said that almost every month last year more than 1 million people were affected by data breaches at healthcare organizations.

Under the Health Insurance Portability and Accountability Act, organizations that handle patient data must report breaches involving 500 people or more to feds within 60 days.