FireEye has published a report on cyber attacks on health systems

Health data and medical facilities are increasingly being targeted by different types of attackers, each with its own purposes. FireEye gave an overview of the situation in the Beyond Compliance report: Cyber Threats and Healthcare, where it analyzes what is happening and what scenario we should expect in the coming months.

The motivations of those who attack health facilities.

The cyber attacks against hospital facilities and, in general, the world of health, are divided into three main strands: cybercrime, industrial espionage and sponsored by the States and, finally, hacktivism, protest campaigns that are not targeted to steal confidential information or gain economic benefits.

In the first category, all those attacks aimed at extorting money from the victims, in particular, inoculating ransomware and asking for ransoms from the structures involved, but not only, fall. Even the health data, which are then resold on the black market, are very tempting since they can be used for financial scams or identity theft.

FireEye has monitored numerous such as attacks between October 2018 and March 2019. What is most striking, however, is the value of this information, sold for rather low figures: We are talking about a few hundred euros, more rarely a few thousand, for archives containing GB of data.

Chinese hacker groups target cancer research institutions

Hackers driven by mere profit are a decidedly serious problem, especially considering the number of databases that they can violate, but FireEye warns of a far worse threat. The security company has discovered that different groups of Chinese hackers, including APT41, are targeting cancer research organizations.

Their goal, according to FireEye, is to obtain medical data that can be useful to reduce the incidence of tumors that in China are the leading cause of death and a big cost for the national health system.

The Chinese groups are not the only ones interested in this information and the report also mentions Russian actors, such as APT28, which has targeted sports regulatory bodies and other organizations involved in doping tests in sports competitions.

Attacks on medical equipment

Although FireEye has not yet discovered cyber attacks targeting medical devices like pacemakers and insulin pumps, the company warns the authorities of the danger. In the last few years vulnerabilities have been discovered relating to these devices and the fact that they have not yet been exploited by criminals does not mean that the risk is absent, especially now that more and more life-saving devices are IoT devices connected to the network.

The full report of FireEye on attacks on the health sector is available at this address.