How healthcare institutions protect themselves against cyber attacks

Since 2019, public authorities, universities and healthcare institutions have increasingly become the target of hacking attacks. The Berlin Court of Appeal, the University of Gießen and the Hospital of Fürth are only the best-known victims of cyber criminals. And they have two things in common: in all cases the IT infrastructures were infected with the malware Emotet, and the consequences of all infections were catastrophic.

IT systems had to be completely shut down and then rebuilt, sensitive data was stolen and work came to a standstill in many of the affected facilities. The consequences were particularly serious for the Hospital in Fürth, which treats around 100,000 patients a year, 42,000 of whom are inpatients: at times, no patients could be admitted here and even operations had to be postponed.

Hospitals are increasingly threatened by cyber attacks

The banking Trojan Emotet was discovered in 2014 and is now considered one of the most dangerous threats to IT infrastructures – partly because Emotet often loads additional malware that allows attackers to read login data and gain full remote access to IT systems. The Federal Office for Information Security (BSI) expressly warns against Emotet.

But that’s not all: According to a study relating to the American health care system, malware attacks on hospitals are increasing rapidly: In the first nine months of 2019, there were 60 percent more threats in the health sector than in the same period last year. This does not even includethe special threat caused by the Corona pandemic.

Lack of IT security in healthcare facilities

In addition, malware like Emotet, TrickbotorQakBot is constantly being developed and refined. This is perhaps the greatest danger in attacks on health care facilities: in many cases these facilities are underfunded, which ultimately leads to security problems because the existing technology and defence mechanisms cannot keep up with the current developments of cyber criminals.

Und so schließt sich der Teufelskreis: Veraltete IT-Systeme führen zu Malware-Infektionen, und die Unersetzbarkeit medizinischer Infrastrukturenführt zu einer höheren Bereitschaft, Lösegeld zu zahlento be able to use affected systems again as quickly as possible. This in turn attracts more and more attackers to make health care facilities the target of attacks.

Emergency plans for cyber protection are needed

That cyber criminals are increasingly attacking during the Corona crisis has prompted the EU IT Security Agency to demand emergency plansfor malware infestation from hospitals. The paper points out, among other things, the numerous areas of attack that the health care system offers criminals: Clinical information systems and medical devices such as computer tomography scanners could be paralysed by attacks, as could surgical robotswearables, emergency call systems, health apps and classic network devices.

How can institutions protect themselves?

Social engineering, CxO Fraud and a high quality of fake emails show that malicious code is increasingly difficult to detect nowadays. Scam emails from the infamous Nigerian prince have had their day and have been replaced by authentic-looking emails that fit seamlessly into existing communications.

Accordingly, healthcare professionals must first be made aware of the dangers and encouraged to be vigilant at all times when dealing with email. Shortage of nursing staff, lack ofdoctors and tense working conditions also in the IT departments let the call formore attention in email communication fadeaway.

This is a mistake, because emails are still the most commonly used way to infect the IT of hospitals and other institutions with malicious code.And unnecessary:With an easy-to-use email securitysolution, cyber securityisautomated while freeing up resources for other departments and projects.

The best protection against cyber attacks is an effective email security solution that reliably detects and neutralizes dangerous emails – for example, by automatically deactivating malicious links in emails or PDFs or by immediately rejecting the respective emails.

Secure email communication is the basis for IT security in the healthcare sector. NoSpamProxy offers comprehensive protection against malware, ransomware and other unwanted emails withthe zero-trustapproach for links and attachments to emails.