Kaspersky Lab experts predict that more and more advertisements for the sale of medical data will appear on the darknet, including information from medical records or insurance policies.
The fact is that now such information is even more expensive than bank card data, since it is a valuable resource for attackers, helping them to gain trust in users and deceive themselves or their relatives.
Access to electronic medical records is not only necessary for attackers to steal them. They can also make changes to them to carry out targeted attacks and deliberately make diagnoses difficult.
Medical companies are increasingly becoming victims of cryptographers. Such incidents become possible because, firstly, the healthcare industry does not take the risks associated with digitalization seriously enough, and secondly, they do not pay due attention to the issues of training employees in basic cybersecurity skills.
In 2019, every fifth device (19%) was attacked by medical organizations around the world. According to researchers, the number of such attacks will increase, especially in developing countries, where the digitalization of medical services is just beginning. In particular, there will be more and more targeted attacks with the help of encryptors, which lead to a loss of access to internal data or resources. This is fraught with violations in the process of diagnosis and even depriving patients of the help that is required immediately.
In addition, the number of attacks on medical research institutes and pharmaceutical companies conducting innovative research will increase. So, in 2019, 49% of devices in pharmaceutical companies were attacked. Research conducted by such organizations is expensive and their results are highly valued, therefore, most likely, in 2020 they will more often become the target of APT groups specializing in theft of intellectual property.
It is not yet known about attacks on implantable medical devices, such as neurostimulators, but since they contain numerous vulnerabilities, their exploitation by attackers is only a matter of time. The creation of centralized networks of wearable and implantable medical devices can lead to the emergence of a single entry point for a large-scale attack simultaneously on all patients using such devices.