The BKA has just presented its federal situation report, also in connection with the corona pandemic. ESET calls for stronger IT security for the health care sector. Cyber and ransomware attacks can affect security of supply in times of Covid-19.
The Federal Criminal Police Office today presented its “Cybercrime Situation Report” as well as a special evaluation on the subject of “Cybercrime in times of the Covid-19 pandemic”. The results coincide with those of ESET, which recently examined these problem areas in various studies: The number of cyber attacks has risen to a new high, and ransomware is the most dangerous weapon used by cyber criminals. The results of ESET's own Covid-19 economic study show that there is a lot of catching up to do in terms of cyber security in the health care sector. The level of security in the context of the pandemic and home office is also far from the necessary standard. In the opinion of ESET expert Thomas Uhlemann, holistic security approaches are absolutely essential, but have often not yet been implemented due to a lack of financial resources.
BKA: Cyber attackers are increasingly focusing on hospitals
“Digitization is also increasing steadily in the health sector. For many years we have observed in Germany that hospitals in particular are increasingly becoming the focus of cyber attackers. Unfortunately, in our opinion, these are not optimally positioned, ”said ESET security expert Thomas Uhlemann. “The successful attack on the hospital in Düsseldorf unfortunately made it clear again that cyber attacks here can cost human lives. Especially in times of the corona pandemic, clinics must finally be better positioned and pursue and implement holistic IT security approaches. ”According to the ESET experts, the use of comprehensive concepts also means that patient data must be better protected. “The use of passwords instead of effective two-factor authentication solutions is the rule and, from our point of view, extremely insecure. The subject of encryption is also neglected. In so many places, attackers are able to gain access to unprotected data and sell it on the dark web or blackmail the organizations concerned. "
Background: Hospitals are not adequately protected
Health care and hospitals are not adequately protected. The current case in a Düsseldorf clinic shows the explosiveness: attacks on hospitals are taking place more and more often and, above all, in a targeted manner. Ransomware attacks in particular have proven to be successful and financially lucrative for cyber criminals. ESET identifies two reasons why cyber gangsters are addressing the health care sector in particular:
- Health data are in great demand. In the Darknet there are horrific sums of money for corresponding data records. Up to EUR 2.000 can be achieved per data record.
- Hospitals are comparatively poorly protected. Obviously, the necessary in-house know-how and the financial means for investments in IT security are missing.
However, these problems are not new. As early as 2016, a study found that 67 percent of all hospitals had already been attacked by hackers. IT security manufacturers have also been warning for years that ransomware in particular poses a particular threat. ESET was the first provider to integrate ransomware protection into its security solutions, for example.
ESET studies show: 2-factor authentication and encryption are rarely used
The analyzes clearly show that it is often incredibly easy for attackers. Holistic security systems are more the exception than the rule in many healthcare facilities (only every second hospital). Access control via 2-factor authentication (45%) or the encryption of patient data (36,5%) are too seldom used. The deletion of data, which is mandatory according to the General Data Protection Regulation, only takes place in every third hospital.
These problems do not only exist in clinics, but generally in the health care sector. Covid-19 also led to a migration to the home office with the known security vulnerabilities. ESET discovered this in two studies:
Study: Economy 2020 - The world of work in the course of the corona pandemic
Hospital Future Act must come as soon as possible
“We welcome the Hospital Future Act proposed by the Ministry of Health. Minister Spahn is on the right track when he earmarked 4,3 billion euros for the necessary digitization. The consideration of IT security aspects is not a dream, but should be seen as a must for investments. Hospitals suffer twice: the financial resources are often limited, IT security experts can hardly be found or paid thanks to the shortage of skilled workers, ”demands Michael Schröder, technology and data protection expert at ESET Germany.
More on this at ESET.com
About ESET ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.