Nearly 1.9 million cyberattacks against the healthcare industry in India were recorded from January to November last year, according to research led by local cybersecurity think tank CyberPeace Foundation.
This is based on a simulation of a healthcare-based threat intelligence sensors network by the research group comprising CPF, its academic partners under CyberPeace Center of Excellence, and cybersecurity consultant Autobot Infosec.
The research has been done as part of CPF’s e-Kawach programme, which aims to implement comprehensive public network and threat intelligence sensors across India to capture internet traffic and analyse real-time threats of cyberattacks.
According to CPF's report, most of the attacks targeted internet-facing systems with remote desktop protocol (RDP), those with server message block (SMB) and database services enabled, and those running old Windows server platforms.
Hackers had also tried to exploit DICOM/MySQL/MSSQL protocols to access sensitive patient data such as medical images and diagnostic information. Massive brute force and dictionary attacks – attempts to log into an account by trying various passwords – were also carried out against FTP, MySQL and MSSQL protocols.
Additionally, the threat intelligence sensors network captured around 1,500 malicious payloads from Trojan viruses and ransomware which hackers tried to inject into the network.
A spokesperson from CPF said hospitals and health facilities have become easy targets for malicious actors as these have been under immense strain due to the pandemic. They are also “more likely to pay a ransom to get their systems up and running again.”
The cybersecurity group advised healthcare businesses to ensure that their systems are secured by reducing unnecessary data, improving the patch level of their software, maintaining backup and restore procedures, and auditing their systems.
It also told them to periodically conduct technical audits of their healthcare infrastructure devices, networks and any other endpoints directly or indirectly connected to them, to detect security vulnerabilities. It further recommended holding a cyber awareness drive and developing the cybersecurity skills of their staff.
Earlier, CPF noted an increase in phishing or social engineering attacks against Indian healthcare businesses.
For example, WhatsApp messages that seemed like an offer from Apollo Hospitals – one of the biggest hospital chains in the country – have been making the rounds on the app with links to a supposed medical subsidy.
AIIMS Delhi has been a recent victim of a ransomware attack; while it has restored its corrupted databases, it is still struggling to bring its digital services back online almost two weeks after the hack.
Safdarjung Hospital in New Delhi was also hit by a cyberattack in November, but it was able to immediately restore its system with no reports of compromised data.