The effort made to cope with the‘emergency dictated by the spread of the virus and at the same time to guarantee citizens other essential services in the medical field, has exposed the healthà of our country to the attentions of cyber criminals, aware of the particular vulnerabilityà of the system in a context of accelerating digital processes as a result of the restrictions on people’s movements and social distance.
The result is that health care facilities are increasingly in the crosshairs of attacks hackers. According to a recent report by Trend Micro Research, the division’s by multinational cybersecurity software company Trend Micro, in 2020 there were 20,777 unique malware and 2,063 unique ransomware that affected Italian healthcare facilities, handing the most vulnerable in this historical phase marked by the pandemic the unenviable record of cyber attacks suffered.
Ransomware ranks first in popularity.à and impact, in a Ranking of 8 threat groups developed by Threat Landscape 2021 published in October by the‘ENISA, l‘Agency of the‘European Union for the Cybersecurity. The report of‘Agency European stresses as the remotization of work, in the years 2020 and 2021, contributed to increase and make “mainstream” cybersecurity threats related to the pandemic and the exploitation of the new normal.à of the smart working, which has in fact “increased the area of attack” causing “An increase in the number of cyber attacks directed at organizations and companies” With staff operating remotely.
“We entered the‘era of the‘enterprise ransomware, sophisticated attacks, prepared carefully and months in advance, followed by demands for ransomware the result of a thorough study, tailored on the affected organizations. A process facilitated by the decoupling between those who designs and develops ransomware on the one hand and those who launch the attacks,” says Giuseppe Bianchi, Full Professor of Telecommunications and Network Security at the University of Rome Tor Vergata.
The ransomware attack on the Lazio region
The vulnerabilityà of the Sanità in the face of cyber attacks has been confirmation and a particular echo with the hacker attack, unleashed through a ransomware, that struck on Sunday, August 1, 2021, the data center that houses some of the Lazio Region’s IT systems: the ransomware has compromised for a few days the‘use of some of the services and applications available to citizens and the registration portal for COVID-19 vaccinations, thus slowing downì the vaccination campaign.
What is ransomware
Ransomware is malware that makes computer data inaccessible infected. As happened in the case of the ‘attack on the Lazio region, those who lash out a‘offensive through ransomware demands payment of a ransom, usually in cryptocurrency, in exchange for a password to be used to Have access to the locked files again. If the victims of the attacks are public administrations or companies l‘extortion is soì twofold: on the one hand the demand for money to make their files accessible again, on the‘other the threat of making compromised data public with the risk of creating serious reputational problems.
Falling into the ransomware trap is quite simple: the virus can in fact be installed on a computer through phishing emails (used in particularly by the Conti ransomware), which invite the‘user to click on a certain link or by browsing compromised sites that host malware that is easy to download.
The rise of ransomware attacks around the world
NCC Group’s Research Intelligence and Fusion Team (RIFT) has determined that between January and June 2021, the number of ransomware attacks worldwide increased by 288 percent: 49 percent of victims are U.S.-based, 7 percent are based in France and 4% in Germany.
The ransomware Lockbit 2.0
The ransomware used in the‘attack on Sanità Lazio would have been the Lockbit 2.0, among the most dangerous computer viruses around. Formerly known as ABCD ransomware, Lockbit 2.0 was developed 3 years ago and is a RaaS operator that operates file encryption by renaming files with the‘extension “.Lockbit”. The hackers behind the Development of this ransomware claim it offers the fastest encryption on the criminal market. In addition to the Lazio Region, Lockbit 2.0 would do, according to its creators, over 50 victims so far in numerous countries around the world including the United States, Germany, Argentina and the United Kingdom. “In the case of the‘attack on the Lazio Region,” explains Francesco Quaglia, professor of computer engineering at Università of Rome Tor Vergata – it is possible that the defenses on the field were quite low. E ‘ a problem common to many organizations, whose security systems are now found to be rather Dated, despite exist già infrastructure advanced e performers.”. A view shared by Professor Bianchi, according to whom. “to counteract today a cyber attack is required a‘comprehensive infrastructure spanning all areas of cybersecurity and be able to raise the defenses needed.”. There are models that provide a “shopping list” of resources and activitiesà to put in place, unfortunately many organizations, not only small but also medium-sized, are not yet equipped. “Countering cyber attacks means providing security controls, organize processes, equip themselves with supports and services that ensure continuityà and recovery” continues Bianchi, according to whom fundamental is the training of employees regarding the strategies that hackers adopt to launch an attack. “It is appropriate to involve them in simulations of attack to test their capabilitiesà in evading or countering attacks.” Bianchi concludes.
Health care facilities among favorite victims of hackers
The Lazio Region is just one among many more recent victims of cyber attacks in healthcare that not only jeopardize services that are essential to people’s lives but also expose to a very serious risk to the private data of millions of citizens. In June 2021, Vice made its debut on the criminal scene. Society, a hacker group capable, according to Cisco Intelligence Team Talos, to “rapidly exploit new vulnerabilitiesà security vulnerabilities to facilitate ransomware attacks“. In just a few weeks, Vice Society has targeted several hospital facilities: Eskenazi Health in Indianapolis (USA), Waikato DHB in Hamilton (New Zealand), Centre Hospitalier in Arles (France), and Barlow Respiratory Hospital in California. A criminal offensive of a global nature, that conducted by cyber criminals, which worries governments, local health administrations estructures of private hospitals, which are increasingly vulnerable as a result of the progressive enlargement of the digital perimeter in which they operate. “Data theft against a health care organization exposes patients to the risk of blackmail to disseminate extremely sensitive and personal data such as those belonging to the health sphere. That same data could then, for example, be given to insurance companies that could use it to alter policy prices,” explains Gaetano Marrocco, director of the School of Medical Engineering at University of Rome Tor Vergata.
The danger to medical devices
Not just data. Hackers are also able to target medical devices such as pacemakers or insulin pumps: devices electronic devices that are regulated by operating systems and as such can be manipulated through cyber attacks. A scenario not at all ‘not at all unlikely and that indeed worried even the‘former vice president of the United States Dick Cheney, who is suffering from heart disease. During the television broadcast “60 Minutes” the deputy of Bush indeed revealed that his doctor had ordered that the functionalityà wireless of his heart implant for fear that it might Being violated in an assassination attempt. Since then almost a decade, and technology has made enormous strides: the‘introduction of 5G technology, which features low latency and higher speedà of data transmission, has opened up important scenarios concerning the remote surgery, which thanks to the‘aid of robots, will enterà increasingly become part of the‘ordinary medical administration. With all the risks involved: a cyber attack launched against a device that performs delicate surgical operations could easily endanger the life of the patient. “To reduce the risk of cyber attacks, governments and institutions must invest in expertise to reorganize processes and architectures of the systems and strengthen critical infrastructure. L ‘investment must be made peremptorily on education. We need to increase the number of graduates.” Francesco Quaglia concludes.