Cyber Security: Lessons Learned From Cyber-Attacks on Hospitals in the COVID-19 Pandemic

Vol. 15, No. 2 (2021)

Abstract

The article deals with cyber security, specifically the security of medical facilities. The introduction summarizes and briefly analyzes the cyber attacks on Czech health care facilities in the period from 12/2019 to 1/2021, together with the procedures adopted by the responsible authorities. The article also newly presents the current regulatory requirements for the cyber security of hospitals. In the context of past attacks, and based on analyses of attacks, current legislation and events, the article provides an opinion on whether the requirements for the cyber security of hospitals are set sufficiently or whether this area should be revised. It also recommends measures to strengthen the cyber security of hospitals.


Keywords:
Critical Infrastructure Protection; Legal Framework; cyber security; cyber-attack; Critical Information Infrastructure; CSIRT; CERT

Pages:
301–341

Author biographies

Jan Kolouch

MUNI CESNET a.l.e.

CyberSecurity, CyberCrime and Critical Information Infrastructures Center of Excellence (C4e)

Department of Security and Law

Tomáš Zahradnický

Faculty of Informatics and Statistics, University of Economics and Business

Department of Systems Analysis, Faculty of Informatics and Statistics

Adam Kučínský

National Cyber and Information Security Agency

Department of Cybersecurity Regulation
