The healthcare industry is now experiencing more devastating DNS attacks than ever during the COVID-19 pandemic, more so than in any other industries.
A 2021 Global DNS Threat Report study from EfficientIP and IDC reveals that healthcare is more vulnerable and the most likely industry to suffer application downtime, with 53% of healthcare companies experiencing cyber breaches.
Globally, healthcare also saw the highest rate of compromised websites at 44% and the highest rate of brand damage at 31%. The average cost per attack in healthcare also increased to $862,630, a rise of 12% from last year and the sharpest increase seen by any industry.
The top three impacts were (1) application downtime at 53%, (2) cloud service downtime 46% and (3) compromised website at 44%.
“Hospitals and clinics as well as healthcare companies were not ready in deploying fundamental healthcare IT defense mechanisms needed to secure their systems and operations. This gap is opening the door for hackers to take advantage,” said Ronan David, VP of Strategy for EfficientIP, in response to questions on the study from iTNews Asia.
What the numbers mean
“We all knew that the healthcare industry would be a prime target for cyber attacks during the pandemic,” said David. “But it really is fascinating--and useful--to see the data in black and white. Fascinating because we finally have a clear quantitative picture, and useful because we see where companies can help healthcare companies improve their defenses.”
The study warns that this comes at a time when health industry is already experiencing other stressors related to the pandemic, the downtime in the cloud and from apps and services used could have heavy consequences for both patients and providers. Customer information is particularly sensitive in the healthcare sector, which makes it an attractive target--particularly so during a time of high-stress for the industry.
The study also found that it took an average 6.28 hours to mitigate each attack – which is higher than the industry average of 5.62 hours – and in serious cases puts patient’s lives in danger due to the lack of healthcare support during the downtime .
Hospitals and clinics as well as healthcare companies were not ready in deploying fundamental healthcare IT defense mechanisms needed to secure their systems and operations. This gap is opening the door for hackers to take advantage.
- Ronan David, VP of Strategy for EfficientIP
David said healthcare is in the sweet spot for the threat actors, firstly due to the large amount of customer data that is that is easily accessible to patients and to caregivers both on-site and remote. This necessitates a larger number of devices and platforms, thus increasing the attack surface for bad actors.
Secondly, he said the healthcare sector has a large number of internet connected devices for day to day patient treatment. These devices all provide an entry point for external attackers into a system, with DNS often being used as a vector for the attack.
IoT devices, smartphones, telemedicine applications, robotic surgical equipment, cloud connected machines such as MRI, heart rate monitors, ventilators, ultrasound machines, patient monitors are involved in daily healthcare operations which are easily at risk for DNS malware attacks without proper healthcare IT security.
“Any medical device infected by malware can be used to exfiltrate data or rapidly spread infection to other devices, resulting in systems shut down of IT processes and connections, thus disrupting patient care,” said David.
Southeast Asian countries under threat
From the region’s perspective, the study found that attacks on the healthcare sector are on the rise for many countries in APAC – especially among Thailand, Malaysia, and the Philippines.
Indonesia was also one of the Southeast Asian countries to have experienced cyber attacks earlier in the year in its national healthcare program. The incident jeopardised over 100,000 Indonesians’ personal social security data including personal records, social security number and payment status for fraud and digital attacks.
The Singapore healthcare sector also found itself to be at risk for government data hacks through malware. The government previously detected millions of internet connected medical equipment including ultrasound machines, patient monitors and medical imaging equipment vulnerable for attacks.