In the absence of proper precautions, cybercriminals can shut down hospital operating rooms, expose highly personal health data and damage the ability of health professionals to provide service, new research shows.
“Today’s attacks target people, not just technology,” said a report released Oct. 10 by California-based global online security firm Proofpoint, Inc. (NASDAQ:PFPT). “They exploit the human factor: healthcare workers’ natural curiosity, acute time constraints and desire to serve. Protecting against these threats requires a new, people-centered approach to security.”
The most alarming research finding was a 300% jump over 2018 in imposter email attacks from this same time last year. Such communications are faked to appear as if they come from someone the recipient personally knows.
That’s just one in a bag of tricks through which cybercriminals seek to trick healthcare workers into opening unsafe attachments or, more increasingly, into clicking on links that lead to malware.
One of the biggest threats there, Proofpoint found, is the use of the malware Emotet strain. Once considered just a banking trojan – a way of worming into a bank’s files – Emotet has become the biggest malware payload sent to healthcare companies.
“It’s the first appearance in recent quarters of botnets as a category of malware targeting the healthcare sector,” the report said.
But, the report noted, Emotet volume has decreased in recent months.
“Such hiatuses often coincide with attackers retooling the malware or making changes to their infrastructure,” the report said. “Even with the pause, Emotet remains a prime example of the type of robust, multipurpose malware we see targeting healthcare and other industries.”
The other mode of attack hitting individuals – generally via email – is the use of bad URLs either as they are or, increasingly, disguised by URL shorteners, links people will click on.
Both can be used in either malware or phishing attacks, the report said.
Further, the report noted, it’s certainly not VIPs who are the targets of attacks. No, it’s VAPs – very attacked people.
“In many cases, healthcare VAPs are workers with roles that give them privileged access to sensitive data, systems or relationships,” the report said. “In other cases, it’s someone with a public-facing email address. These can include shared accounts and email aliases, which are usually permanent, they can forward email to several recipients, and they are hard to secure with multifactor authentication.”
Proofpoint found certain groups who fit in the VAP model.
In the healthcare provisions sector, they are doctors, researchers and administrative staff; among insurers, included are customer support, sales and field team members, administrative staff and IT teams; and in the pharmaceutical sector such people include executives, public relations or marketing workers and those in sourcing, logistics and supply chain areas.