Building on the Cybersecurity Lessons From 2020
With the rapid transformation to the digital healthcare delivery model and adoption of remote-working, 2020 produced additional opportunities for cybercriminals to exploit the pandemic situation for financial gain.
We witnessed many Canadian and international healthcare organizations suffer cybersecurity breaches.
According to The Hacker News, a cybersecurity news platform, cyberattacks targeting healthcare organizations globally have spiked by 45% since November 2020 as COVID-19 cases continue to increase; a 22% increase in cyberattacks across all industry sectors during the same time period, with the average number of weekly attacks in the healthcare sector reaching 626 per organization in November as opposed to 430 the previous month*.
These troubling increases in cyber-attacks are not limited to the healthcare sector, a number of well-regarded global organizations suffered significant breaches in 2020 as well (e.g. Twitter, Marriot, SolarWinds Orion, Zoom).
Based on cyber-related claims trends, coupled with advisories issued by national and international authorities,
HIROC produced several alerts for its Subscribers since March of 2020. With the current spike in COVID-19 related admissions, we at HIROC want to keep your cybersecurity top of mind.
Here is a recap of the cyber threats experienced by the healthcare sector in 2020:
- Social engineering attack resulting in payment misdirection or theft of credentials
- Ransomware or malware attack resulting in encryption of critical information systems and networks (e.g. Ryuk, Netwalker)
- Cross-site scripting attacks that inject malicious code on hospital websites intending to compromise the websites’ visitors
- Unpatched vulnerabilities exploited by cybercriminals
- Weak data protection practices exploited by cybercriminals (e.g. lack of encryption)
- Published stolen data with demands of a ransom in exchange for taking down the data
HIROC Launches Cyber Loss Risk Reference Sheet
As your proactive trusted partner in safety, we’re constantly scanning the environment and building on the knowledge gleaned from cybersecurity-related claims reported to HIROC, a Risk Reference Sheet on Cyber Loss was published in December 2020.
We encourage you to share this resource widely across your organization.
This Cyber Loss Risk Reference Sheet contains case studies and the most impactful mitigation strategies to assist healthcare organizations proactively manage their cybersecurity risks. If you do not have the resources to apply industry-recognized cybersecurity standards (e.g. NIST CFA, NIST 800-171, SANS CIS CSC), you can utilize HIROC’s Risk Reference Sheet to assess your organizations’ cybersecurity posture.
Additionally, subscriber participants of HIROC’s Risk Assessment Checklists (RAC) program are required to complete a Cyber Loss module.
As mentioned in a past HIROC article, preparedness, practice and partnerships help strengthen an organization’s cybersecurity posture.
If you have any questions or require any guidance and support, please reach out to Kopiha Nathan, Privacy and Compliance Officer at HIROC firstname.lastname@example.org.
We’re here for you - contact HIROC for expert advice and guidance
Subscribers experiencing cybersecurity breaches must respond to the event rapidly in order to control and contain the breach, eradicate the threat, restore systems, networks, and data. Often, forensic investigators are required to identify the extent of the breach, attack vector and affected data, etc. External legal assistance may be required to assist in preparing for any notifications that may need to be sent to affected parties, patients, and privacy regulators.
Healthcare organizations and practitioners insured by HIROC are encouraged to immediately notify HIROC to ensure we are best able to assist you through the loss or breach. This support includes retaining the appropriate IT/forensic cyber experts, external legal advice, financial support, and guidance around potential disclosure requirements.
Cyber Loss Risk Reference Sheet, HIROC, December 2020, https://www.hiroc.com/resources/risk-reference-sheets/cyber-loss
Cyber Risk Management Guide, HIROC, 2018, https://www.hiroc.com/resources/risk-resource-guides/cyber-risk-management-guide-healthcare-providers-and-administrators
Key measures for preventing and mitigating cyber-attacks and ransomware, HIROC, 2018, https://www.hiroc.com/resources/risk-resource-guides/key-measures-preventing-and-mitigating-cyber-attacks-and-ransomware
Cyber Security Centre of Excellence, Government of Ontario, https://www.ontario.ca/page/cyber-security-centre-excellence
Canadian Centre for Cyber Security, Government of Canada, https://cyber.gc.ca/en/
*Healthcare Industry Witnessed 45% Spike in Cyber Attacks Since Nov 20, January 5, 2021, The Hacker News, https://thehackernews.com/2021/01/healthcare-industry-witnessed-45-spike.html
By Kopiha Nathan, Privacy and Compliance Officer, HIROC