In 2020, the healthcare industry was heavily targeted by ransomware gangs who took advantage of the pandemic to hit the very hospitals that were trying to save patients’ lives. Battling under extremely challenging conditions, the healthcare industry had to cope with these highly damaging and disruptive ransomware attacks that placed patient safety at risk.
A major ransomware attack hit one of the largest healthcare providers in the United States. Universal Health Services, an American Fortune 500 company which employees 90,000 individuals and runs 400 acute care hospitals, suffered a major ransomware attack in September which impacted all of its hospitals. Staff were forced to work on pen and paper for three weeks while it recovered from the attack.
A cyberattack on University of Vermont Medical Center in October affected more than 5,000 hospital computers and laptops and 1,300 servers. All devices had to be wiped and have software and data reinstalled, with the healthcare provider experiencing downtime for more than 2 months. During the recovery process around $1.5 million was being lost per day to attack-related expenses and lost business, with the total costs expected to exceed $64 million.
Ransomware attacks on the healthcare industry were stepped up in September and October and continued to plague the industry for the remainder of the year. A study by Tenable found that ransomware attacks accounted for 46% of all healthcare data breaches in 2020, showing the extent to which the industry was targeted.
Many of these attacks involved the exploitation of unpatched vulnerabilities, most commonly vulnerabilities in the Citrix ADC controller and Pulse Connect Secure VPN. Patches had been released at the start of the year to fix the vulneabilities, but the patches had not been applied promptly. Phishing emails also gave ransomware gangs the access to healthcare networks they needed to conduct ransomware attacks. Check Point’s research indicates there was a 45% increase in cyberattacks on the industry from the start of November to the end of the year.
Another industry heavily targeted by hackers in 2020 was retail. Retailers were also incredibly busy as a result of the pandemic. With governments ordering people to stay home to curb the spread of the virus, online retailers saw a sales surge as shoppers made their purchases online rather than in bricks and mortar stores. Researchers at Salesforce found digital sales increased by 36% in 2020 compared to the previous year, and cybercriminals took advantage of the increase in online sales.
Several methods were used to gain access to retailers’ systems and websites, with the most popular tactic being web application attacks, which increased by 800% in 2020 according to the CDNetworks State of Web Security H1 2020 Report. Attackers also used credentials stolen in past data breaches to attack online retail outlets in credential stuffing attacks, which Akamai’s tracking revealing the retail industry was the most attacked industry using this attack technique, account for around 90% of attacks.
As is normal every year, the large numbers of shoppers that head online to make purchases in the run up to Black Friday and Cyber Monday were exploited, with phishing attacks related to these shopping events increasing thirteenfold in the six-week run up to Black Friday. In November, 1 in every 826 emails was an online shopping related phishing scam, compared to 1 in 11,000 in October, according to Check Point. Content management systems used by retailers were also targeted, and attacks on retail APIs also increased in 2020.
As we head into 2021, both sectors are likely to continue to be heavily targeted. Ransomware and phishing attacks on healthcare providers could well increase now that vaccines are being rolled out, and with many consumers still opting to buy online rather than in person, the retail sector looks set to have another bad year.
Fortunately, by following cybersecurity best practices it is possible to block the majority of these attacks. Patches need to be applied promptly, especially any vulnerabilities in remote access software, VPNs, or popular networking equipment, as those vulnerabilities are rapidly exploited.
An advanced anti-phishing solution needs to be implemented to block phishing attacks at source and ensure that malicious messages do not get delivered to inboxes. Multi-factor authentication should also be implemented on email accounts and remote access solutions to block credential stuffing attacks.
A web filter is important for blocking the web-based component of phishing and cyberattacks. Web filters stop employees from visiting malicious websites and block malware/ ransomware downloads and C2 callbacks. And for retail especially, the use of web application firewalls, secure transaction processing, and the correct use of Transport Layer Security across a website (HTTPS) are important.
By following cybersecurity best practices, healthcare providers, retailers, and other targeted industries will make it much harder for hackers to succeed. TitanHQ can help by providing SpamTitan Email Security and WebTitan Web Security to protect against email and web-based attacks in 2021. For more information on these two solutions and how you can use them to protect your busines, call TitanHQ today.