Cyber Intel Report  |  October 2020

Australian Healthcare and Aged Care Threat Report

Cyber incidents in the healthcare sector result in real-life risks to patients

The ongoing global COVID-19 pandemic has further accentuated the trend of cyber criminals seeking to monetise the criticality of healthcare services through ransomware attacks and data breaches. This is especially worrying given that a cyber incident resulting in an ongoing shutdown of medical services can have life-threatening consequences for patients. If these services are compromised or successfully attacked, critical internal infrastructure services such as access to laboratory results, radiography and real-time patient physiological information will be unavailable. Operations will be postponed, patients moved to nearby hospitals and urgent medical care unavailable. Additionally, many illnesses are treated with cloud-based monitoring services, IoT-embedded devices and self- or automated administration of prescription medicines. Cyber-attacks could inhibit the delivery of these health services and put patients’ lives at risk.

The life-threatening nature of cyber incidents became a reality in September 2020, when a human fatality was directly linked to a ransomware infection at a hospital in Germany. The first known human fatality directly attributed to a cyber-attack occurred after a ransomware infection shut down more than 30 of the Dusseldorf University Hospital’s internal servers on 10 September 2020. Operators of the DoppelPaymer ransomware penetrated the hospital’s systems through an unpatched vulnerability found in the Citrix VPN system – a known entry point for ransomware gangs. As a result of the outage, a patient requiring urgent medical care died after being re-routed to a hospital located 30 km away.

As COVID-19 cases began to increase in Australia, so did the number of cyber criminals targeting healthcare organisations with phishing campaigns, ransomware and other malicious campaigns. Criminals have continued to spoof healthcare organisations, particularly national authorities and government bodies, when crafting phishing emails aimed at individuals or other industries. However, cyber criminals were not the only threat type whose interest in the healthcare sector peaked amid COVID-19. The industry is also targeted by many advanced persistent threat (APT) groups working for the benefit of foreign governments for whom healthcare research presents a priority intelligence requirement. Medical research on COVID-19 vaccines and treatments is a high cyber espionage priority for several countries that wish to fast-track their own developments. With no clear end in sight for the COVID-19 pandemic, and given rapid digitalisation and the tough legal requirements within which the sector operates, CyberCX assesses that the healthcare and aged care sectors will continue to be in the spotlight of cyber adversaries in the short to mid-term.