BDO Cyber Threat Insights Report Q2 2018

13 August 2018

The Q2 2018 BDO Cyber Threats Insights Report discusses recent cyber security activities with special focus on the healthcare industry.

Significant cyber events worldwide: April – June 2018

Nation-backed cyber-criminal activity stole the spotlight in a review of cyber activity during the first half of 2018. Russia and China continue to be the most prominent cyber actors, through:

  1. Nation-state cyber warfare groups, such as APT28 and APT29.
  2. Cyber-criminal groups, with Cobalt and Carbanak being the most noteworthy.
  3. Several Chinese attack campaigns also surfaced during the first half of the year.

In May, an attack against Banco de Chile affected 9,000 computers and corrupted 500 servers, enabling the attackers to steal $10 million via the SWIFT system. The attack is currently attributed to North Korea and was the first time that a financially motivated attacker targeting a large financial organization executed a financial heist in conjunction with a sophisticated and fully realized wiper attack.

This modus operandi will force organizations and companies across all industries to re-evaluate how they can better respond to and mitigate multi-vector attacks that take place against several systems. Furthermore, cyber-attack contingencies must be modified to allow a rapid, yet organized, shut-down of an organization’s computer systems to survive such attacks.

Recent Cyber Events in the Healthcare Industry

This report provides an overview of healthcare cyber events and attacks during the first half of 2018. Following the trend of the last couple of years, most of the reported attacks are based on ransomware, either spear-targeted attacks or “scattershot attacks” (i.e., unfocused and often generic attacks). The vast majority of malware attacks in the healthcare sector are delivered via file attachments or URLs that link the user to malicious code. In Q1 2018, malicious URLs were the preferred vehicle.

Malware is a concern that plagues numerous industry sectors. However, healthcare organizations have experienced a relatively large number of successful attacks in comparison to other sectors, such as the financial services industry, indicating that the sector’s computer systems are systematically ill-protected.

This matter is further compounded by the continual development and adoption of artificial intelligence (AI) and IoT systems. According to International Data Corporation (IDC), AI investments were projected to reach U.S. $12.5 billion in 2017 alone. Still, that pales in comparison to IoT investments, which were expected to exceed U.S. $800 billion and are forecast to reach U.S. $1.4 trillion in 2021. The number of connected medical devices is currently estimated at 10 billion, and is expected to reach 50 billion within the next 10 years, according to healthcare cybersecurity firm Cynerio.

The industry is currently in the early stages of re-evaluating operations with regard to new cyber threats and the integration of AI and IoT systems with life-supporting technologies. It will be imperative to ensure new medical devices are well-deployed and operated properly, as any disruption, failure or security breach may result in loss of life. It will likely take several years for the healthcare industry to fully address this matter.