Cyber Security: Lessons Learned From Cyber-Attacks on Hospitals in the COVID-19 Pandemic

Jan Kolouch, Tomáš Zahradnický, Adam Kučínský

Abstract

The article deals with cyber security, specifically the security of medical facilities. The introduction summarizes and briefly analyzes the cyber attacks on Czech health care facilities in the period from 12/2019 to 1/2021, together with the procedures adopted by the responsible authorities. The article also newly presents the current regulatory requirements for the cyber security of hospitals. In the context of past attacks, and based on analyses of the attacks, current legislation and events, the article provides an opinion on whether the requirements for the cyber security of hospitals are set sufficiently or whether this area should be revised. It also recommends measures to strengthen the cyber security of hospitals.

Keywords

Critical Infrastructure Protection, Legal Framework, cyber security, cyber-attack, Critical Information Infrastructure, CSIRT, CERT

https://doi.org/10.5817/MUJLT2021-2-7



Copyright (c) 2021 Masaryk University Journal of Law and Technology