SA’s healthcare sector is woefully ill-equipped to deal with the global increase in cyber attacks driven by the COVID-19 pandemic.
This is according to research conducted by local Domain-based Message Authentication, Reporting and Conformance (DMARC) security firm Sendmarc, which warns that the personal data of healthcare patients has emerged as the most valuable to cyber criminals, as they capitalise on the uncertainty caused by COVID-19 to conduct malicious cyber activities.
While COVID-19 is proving to be a boon for cyber criminals across sectors, attacks on healthcare institutions are more lucrative for criminals, with the malicious actors expected to intensify their campaigns and ransomware attacks in the coming months.
With SA anticipating a second wave of COVID-19 infections, the country’s healthcare institutions are among the most vulnerable in the world to cyber crime during this period, and they are also among the most targeted globally, warns Sendmarc.
The security firm conducted a cyber security analysis of 219 e-mail domains used by South African hospitals, clinics, laboratories, treatment and medical practitioners, which showed the majority of the healthcare institutions have vulnerabilities that can be easily exploited by cyber criminals.
“Out of the total South African healthcare domains evaluated, almost all of them scored three or below on the Sendmarc Safety Score, meaning their domains are very easy to impersonate and are heavily at risk of a phishing attack,” says Sacha Matulovich, CSO and co-founder of Sendmarc.
“Domain-based impersonation attacks are just the key that opens the first door to the complete cyber crime. As these incidents increase, SA’s already stretched healthcare system faces even more pressure.”
Domain-based attacks are an easy and effective way for criminals to gain access to a healthcare organisation’s staff or clients, with the ultimate objective being to steal funds through deposit fraud, to steal personal data such as ID numbers, e-mail addresses, residential addresses and medical results for use in future crimes or for sale on the dark Web, or to deploy ransomware to the hospital’s IT networks, adds Matulovich.
According to Sendmarc, since the start of the COVID-19 global pandemic in February until the end of March, phishing e-mails in the global healthcare sector spiked by over 600%, with one-third of these attacks using impersonation of a known brand as a tactic to steal money and data, or to deploy a virus or ransomware.
In April, Interpol issued a statement warning hospitals and governments that cyber criminals are using ransomware to hold hospitals and medical services digitally hostage, preventing them from accessing vital files and systems until a ransom is paid.
The FBI says it has seen cyber crime quadruple from the onset of the COVID-19 pandemic, with some attacks targeting the national healthcare sector and the US's COVID-19 research capabilities.
SA’s Life Healthcare Group suffered a cyber attack in June that affected its admissions systems, business processing systems and e-mail servers. While the attack did not affect patient care, it did result in administrative delays as hospitals in the group were forced to switch over to manual processing systems.
Global healthcare institutions that have in recent months suffered data breaches include University Hospital Brno in Czech Republic and the World Health Organisation, which has reported a fivefold increase in the number of cyber attacks directed at its staff since the start of the COVID-19 pandemic.
Eric Mc Gee, cyber risk leader of Risk Advisory, Deloitte Africa, agrees with Sendmarc’s report, pointing out: “The pandemic is an ideal topic that cyber criminals exploit for phishing attacks. As such, the report correctly points out that SA healthcare institutions are easy to impersonate, thus creating opportunity for cyber criminals to appear more credible when launching attacks by pretending to be from these institutions.”
The risks for local healthcare institutions are much higher, and these institutions will be a target for cyber criminals who will want to extort money from them, with inadequate cyber hygiene practices being one of the major factors contributing to the increasing attack surface among local institutions, notes Mc Gee.
“While e-mail is certainly an important vector of attack and abuse during the pandemic, other important factors include data security and protection of private information that will need urgent attention due to severe implications brought about by the Protection of Personal Information Act (POPIA),” explains Mc Gee.
The purpose of POPIA is to ensure all South African institutions conduct themselves in a responsible manner when collecting, processing, storing and sharing another entity's personal information.
Paul Saunders, product manager of data analytics at health tech solutions firm Altron Health Tech, says the two major challenges facing IT service providers in SA’s healthcare industry are the high costs associated with protecting sensitive information and the vast volumes of data that need to be stored and protected.
“The breach at Life Healthcare during June points to the ill-preparedness of local institutions to fight crime. Global healthcare institutions generally don’t have the huge shortage of security skills that we see in SA, and their infrastructure is more modern and kept up to date.
“Healthcare information is constantly changing. The volume of it keeps growing. A simple patient consultation generates a huge volume of sensitive data. With volume comes complexity and with complexity comes more opportunities for criminals to slip in through the cracks.”