European healthcare institutions are more often the victims of ransomware attacks. Since the beginning of this year, 25 ransomware attacks have taken place, hitting 66 locations. That’s a lot more than last year. In our country, four healthcare organizations have been affected by the ransomware so far.
Z-CERT, the Computer Emergency Response Team of the Dutch healthcare sector, writes this in a press release.
Ransomware attacks in healthcare sector on the rise
More and more healthcare institutions in Europe are attacked by hackers with ransomware. Ransomware is software that, once installed, allows cybercriminals to penetrate the corporate network almost undetected. Once inside, they try to gain access to multiple parts of the system (privilege escalation) in order to loot confidential and privacy-sensitive information. System administrators and other employees are often locked out, which means they can no longer log in to do their work and have no access to company data.
Ransomware attacks are on the rise. In all of 2020, there were fewer than ten attacks in the European healthcare sector. This year the counter is already at 25. 66 care locations had to temporarily stop their work. The Netherlands was then spared by hackers. That is no longer the case this year. According to Z-CERT, four healthcare organizations have been attacked with ransomware so far.
“The actual number is probably many times higher,” says Z-CERT analyst Jan Hanstede. That’s because not every attack is reported. Hanstede thinks he knows why. “We still often see that authorities do not publish reports about this. Presumably for reputation reasons or because the service has not suffered as a result”
Suppliers are also a favourite target of hackers
In addition to direct attacks on European healthcare institutions, there is another way in which the healthcare sector is hindered by hackers: they also carry out ransomware attacks on suppliers. An attack on a Software-as-a-Service or SaaS supplier affects the entire chain. Because suppliers get into trouble, this in turn also applies to buyers. You may remember the supply chain attack at SolarWinds, which gave hackers backdoor access to the corporate networks of thousands of customers worldwide.
Z-CERT’s cybersecurity specialists keep a close eye on various hacker groups. “Ransomware groups Hive and Vice Society are mainly active in the healthcare sector. These ransomware groups have already made several victims in recent months,” says Hanstede.
Healthcare institutions must be aware of the dangers
The healthcare sector’s Computer Emergency Response Team is doing everything it can to make healthcare organizations aware of the dangers. At the beginning of this year, Z-CERT published various tips and tricks to keep hackers out. In addition to a strong password, multi-factor authentication and regular backups, security experts also recommended applying application whitelisting and the least privilege principle.
Z-CERT also shares the so-called Indicators of Compromise (digital footsteps) of hackers via the ZorgDetectieNetwork . This makes it possible to detect cybercriminals at an early stage, even before they can cause damage to company systems and servers. Participants will also be notified when updates are ready or vulnerabilities have been found in hardware and software used by healthcare institutions. Finally, from now on there will be a counter on the main page of the Z-CERT website. This indicates how many European and Dutch healthcare institutions have been affected by a ransomware attack. Z-CERT hopes that the Dutch healthcare sector will increase their cybersecurity measures to keep hackers out.
In March, Z-CERT warned about SilverFish , ransomware that has claimed thousands of victims worldwide. At least ten care locations in our country have been affected by this. “SilverFish’s activities are difficult to detect. That is why it is important to know how the hacker group works. Data and studies from other security organizations help us to form the best possible picture of the dangers and consequences of SilverFish for the healthcare sector,” says security specialist Stijn Derksen.
Catch up on more articles here
Follow us on Twitter here