The Indian healthcare sector has been facing an increasing number of cyberattacks. What’s the reason behind this? What’s making the Indian healthcare sector vulnerable in the face of these attacks?
A few weeks ago, India’s top government-run hospital, All India Institute of Medical Sciences (AIIMS), New Delhi, was hit by a massive cyberattack, forcing it to shut down many of its servers and switch to manual operations. The healthcare industry in India is facing cyberattacks on an industrial scale. It has faced 1.9 million cyberattacks this year till November 28, as per data published by cybersecurity think tank CyberPeace Foundation and Autobot Infosec Private Ltd.
The attacks came from a total of 41,181 unique IP addresses, which were traced back to Vietnam, Pakistan, and China. The global healthcare cybersecurity market is expected to grow from $13.18 billion in 2021 to $15.70 billion in 2022 at a compound annual growth rate (CAGR) of 19.1%.
IoT the weak link in healthcare data security
The medical internet of things (IoT) has made healthcare more convenient, efficient, and patient-focused, but it is also a weak link in data security. Many connected devices with IoT sensors, such as glucose monitors, insulin pumps, and defibrillators, have inadequate security defences, which could pose risks to healthcare facilities and patients. Capterra’s 2022 Medical IoT Survey found that medical facilities where over 75 per cent of medical devices are connected have a 24 per cent higher risk of cyberattack than practices where less than 50 per cent of devices are connected.
Worldwide, hospitals are facing the hacking of their records, dysfunction of their systems and more. Cyberattacks on hospitals have affected millions in the U.S. On October 3, 2022, a major health system that operates over 1,000 hospitals in the U.S. and care facilities across 21 states was hit by a cyberattack that impacted millions of Americans. The attack on CommonSpirit Health forced the health company to take specific computer systems offline “as a precautionary step.” It remains unclear whether patient health information was compromised.
Ransomware-as-a-Service to increase in 2023
Per a Mandiant cybercrime forecast for 2023, the next year will witness increased RaaS (Ransomware-as-a-Service) attacks globally as attackers modernize their software. Hack-for-Hire could be a growing trend in the coming year, as Information Operations (IO), a euphemism for cyberattacks, are being outsourced by state actors, per the Mandiant report. Meta testified in mid-2021 about an increase in the hiring of marketing or public relations firms for IO, which lowers the barrier of entry for some threat actors and can ‘obfuscate the identity of more sophisticated ones.’
Hackers-for-Hire from India
Early this year, a Reuters investigation identified a network of hackers in India who were routinely hired to gain illegal access to information and documents from businesses, political organizations and individuals. Working with security researchers at Mandiant, Google and LinkedIn, the reporters linked the hackers to three Indian companies: Appin, BellTroX and CyberRoot. The evidence reveals ‘hack-for-hire’ activity by the companies between 2013 and 2020.
The use of the Indian underworld to break into email accounts and smartphones is a practice that has been proliferating for years. British investigators have been able to commission “hack-for-hire” firms with little fear that they will be prosecuted for breaking the UK’s computer misuse laws. An investigation by the Bureau of Investigative Journalism and the Sunday Times revealed the contents of a leaked database inside one of the major “hack-for-hire” gangs. It shows the extent of illegal computer hacking across the City of London for corporate intelligence companies targeting British businesses, journalists, and politicians.
Hackers have the innovation edge
The Mandiant report further warns that threat actors are constantly innovating to figure out new ways of breaking into systems. They have shifted from gaining control of an endpoint to accessing users’ credentials and accounts. A user’s identity within an organization has become more critical than access to the user’s endpoint. Threat actors are combining social engineering, commodity information stealers, and information gathering from internal data sources post-compromise. They will combine stolen credentials with new techniques to bypass multifactor authentication and abuse Identity & Access Management Systems.
Tighter global legislation
Meanwhile, global legislation is being tightened to counter cybercrimes. In November, the EU Parliament and European Council approved implementing a new policy known as the Network and Information Security Directive 2 (NIS 2.0). The framework will replace the original NIS Directive, which was introduced in 2016 as the first EU-wide cybersecurity legislation.
Under the NIS 2.0 directive, the EU will join the United States and other countries in mandating stricter incident reporting requirements. The legislation will mandate that organizations across the board report cyber breaches and attacks within 24 hours of becoming aware of the incident. Companies that fail to do so can face steep fines.