Ransomware Attacks Targeting Pharma and Healthcare Sectors Amid COVID-19

This March, while coronavirus was on its way to gain the status of a global pandemic, hackers made Hammersmith Medicines Research a ransomware target. Fortunately, the threat was contained on the same day and the company did not have to pay any ransom.

However, not all companies are as lucky as this one. ExecuPharm, a Pennsylvania-based company, was hit by a ransomware attack, where employee credentials were stolen.

What is happening: The healthcare sector makes for a lucrative playground for ransomware attackers. They are responsible for making the crisis worse for hospitals and health care organizations as the latter is forced to pay up due to life or death urgency. While medical facilities are working around the clock to treat patients back to health, their capabilities are stretched thin and cannot afford to have their IT systems knocked down.

The situation: COVID-19 has paved the way for a global trend of avaricious ransomware attacks. 
  • Initially, hackers gain access to the networks by exploiting vulnerabilities in the internet-connected infrastructure of an organization. 
  • As they wait for the right moment to release the ransomware, in the meanwhile, they keep extracting data from the victim’s network.
  • Various malicious emails have been sent across between March 24 and March 30 from a spoofed WHO email address. 

What the experts are saying: 
  • Hospitals and clinical labs in the U.S. and Europe have suffered the most ransomware attacks since cybercriminals are exploiting the crisis for maximum cash out. 
  • Interpol, in its global warning, stated, “As hospitals and medical organizations around the world are working nonstop to preserve the well-being of individuals stricken with the coronavirus, they have become targets for ruthless cybercriminals who are looking to make a profit at the expense of sick patients.”

Also: It is not always possible to track down attackers by the tools available or the kind of ransomware used, as different groups either use different tactics for different targets or copy each other. Moreover, ransomware attackers keep alternating between infrastructures, which makes it difficult to trace them.

What you can do: It is required that organizations take better care in the identification and monitoring of threats and vulnerabilities. Crises like these should catapult the healthcare sector into taking action.

In essence: Ransomware is at its threatening best now and thus, measures have to be taken.
  • Change passwords that can be easily guessed.
  • Patch known vulnerabilities. 
  • Improve system monitoring capabilities.