Dive Brief:
- As telehealth usage surged as a result of the COVID-19 pandemic, so did targeted cyberattacks on telehealth providers, according to a new report from cybersecurity ratings firm SecurityScorecard and dark web research company DarkOwl.
- Researchers analyzed security alerts sent to IT staff at 148 of the most popular telehealth applications and found they jumped 30% for the period March through April this year, compared to the pre-COVID period of September 2019 through February 2020.
- In the starkest difference, the healthcare industry overall saw a 77% decrease in IP reputation security alerts, which are caused by malware infections resulting from successful phishing attempts or other attacks. The same incidents in telehealth vendors jumped 117%, suggesting cybercriminals moved away from targeting healthcare organization networks in favor of third-party supply chain vendors.
Dive Insight:
The pandemic and resulting regulatory changes led to snowballing telehealth use beginning in March, as patients avoided doctors' offices and hospitals for non-emergent health concerns, leery of potential virus transmission.
As a result, telehealth providers have experienced an almost exponential surge in targeted cyberattacks, according to the new report.
SecurityScorecard and DarkOwl found significant increases in cybersecurity concerns for popular telehealth vendors amid the pandemic. Researchers compared the number of alerts in the two months of March and April, at the height of the pandemic, to the number of alerts in the six months from September 2019 to February this year to highlight the quick, intense rise in cybersecurity concerns.
"Though less time passed, those two short months saw a massive increase in weaknesses. Security alerts in the months prior were present, but relatively static in comparison to what happened during the usage spike. Third party apps, like telehealth apps, increase any healthcare organization’s overall digital footprint, which in turn increases the attack surface," Alex Heid, chief R&D officer at SecurityScorecard, said.
The 30% increase in overall cybersecurity findings includes a range of different attack methods, among them a 65% increase in patching cadence findings, one of the primary security policies to protect data, and a 56% increase in endpoint security findings. Hackers exploit vulnerabilities in endpoint security to steal data.
Widespread adoption of remote work has also fueled security concerns for telehealth vendors. The report found increases of 42% and 27% in issues with FTP and RDP, respectively. FTP is a network protocol that enables information to travel between a client and a server, and RDP is a protocol allowing for remote connections between users in different locations. Both have been used more amid the shift to virtual workspaces.
The report gives a peek behind the curtain at how cybercriminal interest in electronic protected health information from telehealth vendors has grown during COVID-19. Analysts found a notable increase in hacker chatter on the dark web about the top 20 telemedicine companies from January through April. The starkest jump was between the second and third weeks of March, when DarkOwl analysts found a 144% jump in mentions.
The report looked at 1 million organizations, including more than 30,000 in the healthcare industry, from September 2019 to April 2020 to assess cybersecurity risk. In a bright spot, despite pivoting in huge numbers to digital healthcare delivery and facing immense challenges amid COVID-19, healthcare companies generally improved their security posture relative to 2019, moving to 9th place out of 18 industries, up from 10th last year.
Most importantly, healthcare companies greatly improved their patching, a critical security tool to foil cyberattacks. And the drop in malware infections indicates the healthcare industry is taking more steps to protect vulnerable endpoints in their internal networks than in prior years, SecurityScorecard and DarkOwl determined.
But many healthcare companies have suffered breaches during the pandemic that likely included patient data or diagnostic research. For example, in late June, cybercriminals used ransomware to access the University of California San Francisco's internal networks, including Centers for Disease Control and Prevention and departments tied to COVID-19 research. UCSF eventually paid hackers $1.14 million in bitcoin to unlock its encrypted data.