Continuing cyberattacks on Spain’s health system in the 2nd COVID-19 wave

GMV’s Cyberthreat Intelligence team, which keeps a permanent track of all malicious activity, warns of the persisting risk of cyberattacks on Spain’s health system during the 2nd COVID-19 wave. Health service providers, pharmaceutical companies, insurers and health centers are still firmly in the hackers’ sights.

The latest ransomware attacks show that these data-theft cybercriminals are now targeting patients’ medical records, healthcare personnel’s records, information on the development of new drugs, clinical trials, industrial property, etc.

GMV’s Cyberthreat Intelligence team has therefore drawn up a series of recommendations to ensure that health service providers, pharmaceutical companies, insurers and health centers are alert to the threats and protect themselves accordingly:

1.- The solution to this problem, both at professional and individual level, should focus on prevention as much as or even more than detection.

At professional level:

• Strengthen telework cyber-protection measures, such as secure VPNs or web filtering.
• Ensure proper management of patches and updates.
• Monitor own and third-party vulnerabilities as well as the vulnerabilities of medical devices like pacemakers, glucose monitors and ultrasound devices.
• Implement multifactor authentication by means of SMS, Google Authenticator or any other method.

At individual level:

• Be particularly careful with emails , SMSs or WhatsApps from unknown senders. Never click on links or phrases like «click here» even if the message concerned has a normal appearance.
• Install in computers and handhelds only official applications from a recognized source, such as Google Play or Apple App Store.
• Keep computers and handhelds updated.
• Use long, different passwords for each account.
• Minimize the use of geolocation on telephones.
• Do not connect up to unknown or open Wi-Fi networks.

2.- Healthcare organizations should set up and run a Strategic Cybersecurity Plan to standardize cyberattack response procedures and budget for the outlay in the necessary wherewithal. If the necessary technological resources are not to hand, cloud solutions can be resorted to, with data encryption methods to protect the stored information. Personnel should have the necessary skillsets and experience to confront today’s increasingly-sophisticated cybersecurity threats.

3.- Encourage a cybersecurity culture by means of periodic training courses on prevention measures, thus raising awareness of practices to avoid and consolidating sound cybersecurity behavior (e.g..: not exchanging health data by email unless encrypted with electronic certificate; making sure the password is secure and unshared, to fend off phishing; not connecting removable media that have been used in other computers, etc).

4.- Draw up an Incident Response Plan laying down cyberattack response procedures, seeking to minimize the impact at all levels and avoid downtime in the organization’s daily services, by means of backup and restoration procedures.

5.- Constant liaison with public and private cybersecurity organizations.

GMV runs a Computer Emergency Response Team (CERT) to deal with any threats. The CERT’s activities include infrastructure monitoring, audits, security vetting code analysis in the application development lifecycle, threat cyberintelligence, post-mortem forensic attack analysis plus compliance and consultancy services.