Hospitals
and clinics in Canada can’t cope with growing cyber threats amid the COVID-19
pandemic, say healthcare and cybersecurity professionals. The reason?
Healthcare institutions spend a bare minimum on IT, putting every dollar to
front-line care services. Criminals know this – and are increasingly exploiting
it.
A CBC Canada report reveals that the country’s health system has been under siege from cybercriminals trying to steal patient information and other data in recent years.
The report
highlights several recent incidents, including last year’s hit on LifeLabs, a
Canadian diagnostic and specialty testing company, ransomware attacks on three
Ontario hospitals in October, the hack of eHealth Saskatchewan earlier this
year, and an incident at a medical center in Nova Scotia that exposed
personally identifiable information about surgeries.
With
cybersecurity incidents growing in number, the federal government’s Canadian
Centre for Cybersecurity warned health organizations involved in the national
response to COVID-19 to watch out for cyber-attacks, including ransomware and “sophisticated
threat actors” that may try to steal intellectual property related to
COVID-19 research and development.
Even if they
take the alert seriously, medical institutions have a very big problem on their
hands: no money to hire skilled IT personnel or to buy cyber-safeguards. All
while medical records fetch up to $200 on the dark web because they give
malicious actors immense leverage in fraud campaigns.
The CBC report
aggregates expert opinions, including one from Raheel Qureshi, co-founder of a
cybersecurity consulting firm that deals with hundreds of health organizations across
the country. Qureshi says the healthcare sector is targeted more than any other
industry in Canada, accounting for 48 per cent of all security breaches in the
country last year. Most notably, he had the following to say about hospitals in
the context of cybersecurity:
“A lot
of health-care organizations are still in the middle of some kind of security
road map, or they’re starting the conversation now to understand, ‘What do we
need to do?’ Banks started doing this 15, 20 years ago.”
And it’s
true. A hospital is the last place you’ll find a team of IT gurus trained in
cybersecurity matters, yet hospitals need these resources now more than ever.
And it’s not
just Canada that needs to up the ante in the cybersecurity department. Hospitals
and healthcare facilities around the world are prime targets of a wave of
cyberattacks, including ransomware attacks, Bitdefender telemetry shows.
We’ve also seen the number of cyberattacks and ransomware incidents directly targeting healthcare increase significantly over the past couple of months. For instance, the number of global cyberattacks targeting hospitals in March increased by almost 60 percent from February, marking the highest spike in our global evolution of cyberattacks detected at hospitals over the past 12 months. Learn more in the Bitdefender Labs research, “Global Ransomware and Cyberattacks on Healthcare Spike during Pandemic.”