Targeted cyberattacks on telehealth vendors skyrocketed along with adoption, report finds

Dive Brief:

  • As telehealth usage surged as a result of the pandemic, so did targeted cyberattacks on telehealth providers, according to a report from SecurityScorecard and dark web research company DarkOwl. The report looked at 1 million organizations, including more than 30,000 in the healthcare industry, from September 2019 to April 2020 to assess cybersecurity risk.
  • Researchers analyzed security alerts sent to IT staff at 148 of the most popular telehealth applications and found they jumped 30% for the period March through April this year, compared to the pre-COVID period of September 2019 through February 2020.
  • In the starkest difference, the healthcare industry overall saw a 77% decrease in IP reputation security alerts caused by malware infections, part of successful phishing attempts or other attacks. The same incidents in telehealth vendors jumped 117%, suggesting cybercriminals moved away from targeting healthcare organization networks in favor of third party supply chain vendors instead.

Dive Insight:

The pandemic caused regulatory changes, snowballing into increased telehealth use beginning in March, as patients avoided doctors’ offices and hospitals for non-emergency health concerns, leery of potential virus transmission.

As a result, telehealth providers experienced an almost exponential surge in targeted cyberattacks, especially between March and April, according to the report.

“Though less time passed, those two short months saw a massive increase in weaknesses. Security alerts in the months prior were present but relatively static in comparison to what happened during the usage spike. Third party apps, like telehealth apps, increase any healthcare organization’s overall digital footprint, which in turn increases the attack surface,” Alex Heid, chief R&D officer at SecurityScorecard, said.

The 30% increase in overall cybersecurity findings include a range of different attack methods, including a 65% increase in patching cadence findings, and a 56% increase in endpoint security findings. 

Widespread adoption of remote work has also fueled security concerns for telehealth vendors. The report found a 42% and 27% increase in issues with file transfer protocol (FTP) and remote desktop protocol (RDP), respectively. FTP is a network that enables information to travel between a client and a server, and RDP is a protocol allowing for remote connections between users in different locations. Both have been used more amid the shift to virtual workspaces.

Analysts found a notable increase in hacker chatter on the dark web about the top 20 telemedicine companies from January through April. The starkest jump was between the second and third weeks of March, where DarkOwl analysts found a 144% jump in mentions.

In a bright spot, despite pivoting in huge numbers to digital healthcare delivery and facing immense challenges during COVID-19, healthcare companies generally improved their security posture relative to 2019, moving to 9th place out of 18th industries, up from 10th last year.

Most importantly, healthcare companies greatly improved their patching. The drop in malware infections indicates the healthcare industry is taking more steps to protect vulnerable endpoints in their internal networks than prior years, SecurityScorecard and DarkOwl determined.

But many healthcare companies have suffered breaches during the pandemic that likely included patient data or diagnostic research. For example, in late June, cybercriminals used ransomware to access the University of California San Francisco’s internal networks, including Centers for Disease Control and Prevention and departments tied to COVID-19 research. UCSF eventually paid hackers $1.14 million in bitcoin to unlock its encrypted data.