EXECUTIVE SUMMARY

New threats are emerging in cybersecurity. One risk for healthcare organizations involves using the victim’s computing power.

• Cyberattacks are targeting healthcare organizations’ vendor networks.

• Nation-states are more involved with sponsoring cyberattacks.

• Cryptojacking can be used to mine bitcoins.


The world of cybersecurity continues to evolve, with hackers now using approaches unfamiliar to risk managers. Staying ahead of the hackers is a challenge, particularly with nation-states getting more involved with the attacks on hospitals and health systems.

Hackers are rapidly developing new ways to intrude on healthcare IT systems, says Ophir Zilbiger, partner and head of SECOZ Cybersecurity Center with BDO Israel in Tel Aviv. In some cases, their motivation has changed from obtaining patient data to using the healthcare organization’s computing power for illegal purposes.

BDO’s recent report, Brace for the Breach, summarizes new developments in cybersecurity. (The report is available online at: https://bit.ly/2D4VqLg.) Key findings from the report include the following:

• More decentralized cyberattacks. Rather than targeting the hospital or health system directly, these attacks compromise a healthcare vendor’s technology or network connections. Once they have access, the hackers can penetrate the network of the vendor’s customers — the hospitals and health systems. This is now the favored approach of hackers, according to the report.

Medical device recalls as a result of corrupted software have increased 126% since the fourth quarter of 2017, the report says. The legacy systems in many healthcare IT infrastructures are geographically dispersed, which multiplies opportunities and venues for cyberattacks.

• Nation-states are increasingly involved with cyberattacks on hospitals. Instead of targeting prominent clinics that may treat politicians and other notable patients and have formidable security, they target smaller rural hospitals located close to decentralized facilities such as military bases. The goal is steal the records of military leaders, clinical trial research, and sensitive information such as that related to biological weapons. Only 7% of 475 hospital CEOs surveyed knew nation-states were among the top three cyberadversaries.

• Cryptojacking is a growing threat, but it is not well-known in the healthcare community. In cryptojacking, malware is introduced to a healthcare organization’s computer system not to steal data but to take advantage of the computing power and network resources. The most common purpose is for the mining of bitcoins, which requires significant computing power.

• The top seven categories of cyberattacks in healthcare are denial of service attacks, business email compromise, supply chain attacks, internal threats, cryptojacking, ransomware, and computer intrusions.

Cryptojacking is among the most worrisome threats, Zilbiger says. The increasing use of blockchain technology makes the computing power of healthcare organizations appealing to hackers, he says.

“Hackers today are mostly about making money. Not so many years ago, we were talking about hackers making their reputations with these attacks, becoming famous in their communities for political reasons,” Zilbiger says.

“Now they are about making money, and many are employed by criminal organizations. They can simply steal money from cryptocurrency owners, but they use cryptojacking to create money. In the cryptocurrency world you can mine, or create, additional money, but it takes tremendous resources in terms of the hardware and electricity.”

The amount of energy required to mine a bitcoin can be more than the bitcoin’s value, Zilbiger says. But that is not a problem if the hacker is using a hospital’s IT system to mine bitcoins. The threat to the healthcare organization comes when that vast amount of computing power is drawn from the IT system and threatens the normal operations involved with patient care and administration, he explains.

“We’re seeing more and more of this,” Zilbiger says. “The way the cryptojackers get into the system is the same as from other cyberthreats, so the defenses are largely the same. You do not have to be a massive organization to be threatened by cryptojacking because they also have the ability create a network in which they draw computing capacity from many users, even individuals at home, and combine it to create the computing power they need to be profitable with mining cryptocurrency.”

SOURCE

• Ophir Zilbiger, Partner, Head of SECOZ Cybersecurity Center, BDO Israel, Tel Aviv. Phone: (972) 52-6755544. Email: ophirz@bdo.co.il.