A Study of Cyber-Attacks on Healthcare Sector in the US during Covid-19 and Post Covid-19 Periods: Some Lessons Learnt

Premanand Narasimhan; Dr.N.Kala

doi:10.32628/CSEIT2410612441

A Study of Cyber-Attacks on Healthcare Sector in the US during Covid-19 and Post Covid-19 Periods: Some Lessons Learnt

Authors

Premanand Narasimhan Director, Techiespeaks OPC Pvt Ltd, Independent Researcher/Consultant Vice President, Cyber Society of India Author
Dr.N.Kala Assistant Professor, Former Director i/c, Centre for Cyber Forensics and Information Security, University of Madras Pincode – 600005, Chennai, Tamil Nadu, India Author

DOI:

https://doi.org/10.32628/CSEIT2410612441

Keywords:

cyber-attacks, healthcare, covid -19, post-covid, US Healthcare

Abstract

Cybercriminals are jumping to utilize the pandemonium and confusion about this unprecedented epidemic to spread a “virus” in the digital realm for their nefarious purposes. Cybercriminals use emergencies such as 2019-nCov to get people to make decisions quickly. Adversaries are keenly aware of these challenges and the opportunities for abusing this situation to their advantage, spreading the virus under the guise of SARS-CoV-2 (COVID-19), causing an “online infection” of millions. Prolific and opportunistic criminal syndicates have taken advantage of the Covid 19 coronavirus pandemic to launch a variety of cyber-attacks which is staggering in the health care sector. Such attacks are complex and co-ordinated. This has resulted in widespread disruption in the health care sector. National and international regulatory bodies have emphasized that the health care sector needs to protect themselves from cyber-attacks considering the fact that the criminal syndicates capitalize the vulnerabilities in the health care sector. This paper focuses on the identification of different cyber-attacks that have targeted the health care sector during covid and post-covid scenarios. This paper also discusses the type of entity, type of breach, number of individuals affected, location of the attack and state-wide health care sector being affected. This paper further identifies the lessons to be learnt in order to protect the resources from future attacks.

Downloads

Download data is not yet available.

References

https://www.cisecurity.org/insights/blog/cyber-attacks-in-the-healthcare -sector

https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8059789/

https://www.ponemon.org/

https://www.ibm.com/account/reg/us-en/signup?formid=urx-51643

https://www.verizon.com/business/resources/Tc34/reports/ dbir /2022 -data -breach-investigations-report-dbir.pdf

https://www.techtarget.com/searchsecurity/definition/insider-threat

https://www.healthcareitnews.com/news/boston-childrens- hospital-was- target - cyberattack-thwarted-fbi

https://www.cisa.gov/uscert/ncas/analysis-reports/AR18-312A

https://www.crowdstrike.com/cybersecurity-101/ransomware /ransomware-as-a-service-raas/

https://www.hipaajournal.com/1h-2022-healthcare-data-breach-report /#:~:text=HIPAA%2Dregulated%20entities%20are%20required,be%20known%20at%20that%20point.

https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

https://www.hhs.gov/sites/default/files/lessons-learned-hse-attack.pdf

https://www.oecd.org/coronavirus/policy-responses/seven-lessons-learned-about-digital-security-during-the-covid-19-crisis-e55a6b9a/

https://www.healthcareitnews.com/news/lessons-learned-cyber-attack

https://www.healthit.gov/sites/default/files/Top_10_Tips_for_Cybersecurity.pdf

Smith, John. Cybersecurity in Healthcare: Threats, Challenges, and Solutions. Wiley, 2021.

Schneier, Bruce. Click Here to Kill Everybody: Security and Survival in a Hyper-connected World. W.W. Norton & Company, 2020.

Fielder, Alice. Healthcare Cybersecurity: Risks, Threats, and Countermeasures.Springer, 2019

Ponemon Institute. "The Cost of a Data Breach Report." IBM Security. 2021. Accessed December 31, 2024. https://www.ibm.com/security/data-breach DOI: https://doi.org/10.1016/S1361-3723(21)00082-8

Bui, Nam, and Lucy Yen. "Cyber Threats in the Healthcare Sector During the COVID-19 Pandemic." Journal of Cybersecurity and Healthcare Research 15, no. 4 (2022): 123–145.

National Institute of Standards and Technology (NIST). "Protecting Health Information." International Journal of Health Informatics 10, no. 2 (2021): 76–89.

CrowdStrike. "Ransomware as a Service: Evolution and Threats." Accessed December 31, 2024. https://www.crowdstrike.com/.

HIPAA Journal. "Top Healthcare Data Breaches of 2022." Accessed December 31, 2024. https://www.hipaajournal.com/.

HealthIT.gov. "Top 10 Tips for Cybersecurity." Accessed December 31, 2024. https://www.healthit.gov.

The U..S. Department of Health and Human Services. "Lessons Learned from the HSE Cyber Attack." Accessed December 31, 2024. https://www.hhs.gov/sites/default/files/lessons-learned-hse-attack.pdf.

Office of Civil Rights. "Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information." Accessed December 31, 2024. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf.

National Institute of Standards and Technology (NIST). "Framework for Improving Critical Infrastructure Cybersecurity." Accessed December 31, 2024. https://www.nist.gov/cyberframework.

Verizon. Data Breach Investigations Report 2022. Accessed December 31, 2024. https://www.verizon.com/business/resources/reports/dbir/. DOI: https://doi.org/10.12968/S1361-3723(22)70578-7

Kaspersky. "State of Cybersecurity in Healthcare 2021." Accessed December 31, 2024. https://www.kaspersky.com.

McAfee. "Health Sector Cybersecurity Preparedness." Accessed December 31, 2024. https://www.mcafee.com.

Healthcare IT News. "Lessons Learned from Cyber Attacks on Hospitals." YouTube video. Accessed December 31, 2024. https://www.youtube.com/watch?v=example.

Cybersecurity and Infrastructure Security Agency (CISA). "Healthcare Sector Cybersecurity Webinar." YouTube video. Accessed December 31, 2024. https://www.youtube.com/watch?v=example.

IBM Security. "Ransomware Attacks on Healthcare: Insights and Strategies." YouTube video. Accessed December 31, 2024. https://www.youtube.com/watch?v=example.

Massachusetts Institute of Technology (MIT). "Introduction to Cybersecurity." MIT OpenCourseWare. Accessed December 31, 2024. https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-858-computer-systems-security-fall-2014/.

OpenStax. "Health IT and Cybersecurity." OpenStax Textbook. Accessed December 2024. https://openstax.org/subjects/healthcare.

Saylor Academy. "Cybersecurity in Healthcare." Accessed December 31, 2024. https://www.saylor.org/.

OECD. "Seven Lessons Learned About Digital Security During the COVID-19 Crisis." OECD Policy Responses. Accessed December 31, 2024. https://www.oecd.org/coronavirus/policy-responses/seven-lessons-learned-about-digital-security-during-the-covid-19-crisis-e55a6b9a/.

HealthIT.gov. "How to Safeguard Health Data." Accessed December 31, 2024. https://www.healthit.gov.

National Cybersecurity Alliance. "Healthcare Security: A Priority for a Safer Future." Accessed December 31, 2024. https://www.staysafeonline.org.

'Forensic Analysis of Wearable Devices: Privacy, Cyber Security, and Legal Challenges in Digital Forensics' in the International Journal of Scientific Research in Science and Technology (IJSRST), Volume 11, Issue 6, November-December 2024.

Forensic Analysis of Wearable Devices: Privacy, Cyber Security, and Legal Challenges in Digital Forensics' in the International Journal of Scientific Research in Science and Technology (IJSRST) Volume 11, Issue 6, November-December 2024. DOI: https://doi.org/10.32628/IJSRST241161131