Cybersecurity remains a top risk within the health care industry as attackers are weaponizing COVID-19 and breaches continue to increase during the first quarter of 2020.
In 2019, there were more than 500 reported breaches to the Office of Inspector General. Of the 500 breaches reported, the protected health information of 41 million individuals was compromised. Reporting from January of this year showed an increase in breaches as 49 were reported to the OIG, affecting 629,000 people’s data. This is a 40% increase from January of last year. Unfortunately, February’s pace appears to continue the trend, with 43 reports compared to 33 year-over-year.
According to the HIPAA Journal, the health care industry now accounts for around four out of every five data breaches and 2020 looks set to be another record-breaking year, especially given the uncertain climate due to the impact of COVID-19. The cost to the health care industry from breaches is expected to reach $4 billion in 2020.
Weaponizing the coronavirus
Attackers are already capitalizing on COVID-19 in various ways. The first quarter saw a number of phishing attacks, most notably email updates disguised as trusted organizations, such as the World Health Organization. Also, domains resembling trusted organizations are being purchased by attackers to execute phishing schemes (i.e. cdc-gov.org, cdcgov.org). These phishing schemes request personal information in order to send COVID-19 updates but instead steal personal information.
In addition to phishing emails, ransomware attacks continue to plague the health care industry with organizations across the country reporting 172 ransomware attacks, affecting 1,446 hospitals, clinics and organizations, according to Becker’s Hospital Review.
A recent ransomware scheme leveraged an Android app disguised as providing users with “real-time” updates about COVID-19, but in fact, was used to lock user phones requiring a payment of $100 in bitcoins to unlock their device.
With the increase of organizational breaches, creative phishing emails on the rise, continued ransomware attacks combined with COVID-19 uncertainty and stresses, we will continue to see cybersecurity as a critical theme into Q2 2020 and beyond.