Security Threats and Attack Methods During the COVID 19 Pandemic

Introduction

The COVD19 pandemic has posed a significant challenge to the global healthcare
system. It has also posed a challenge to the resilience of information systems in healthcare.
Cyber security attacks hit another new level during the pandemic as the hackers took advantage
of the compromised security systems (Coventry & Branley, 2018). The increased cyber security
threats such as ransomware, phishing, and denial of services DDoS have been a serious
implication for the spectrum of the healthcare system. This paper provides a risk register and
analyzes the top five security risks and attack methods related to COVID-19 specifically targeted
at healthcare facilities, staff, and patients.

The Risk Register

Risk 1: Risk 2: Rusk 3: Risk4: Risk 5:

Risk rank Ransomware Insider Threats DDoS
Attacks

Email
Phishing

Data Breach

Risk
Description

The hackers
attack the
health
system using
ransomware
that encrypts
all data on
devices and
hinders the

Due to limited
security
protocols in the
healthcare
organizations,
the insiders are
usually
suspected due to
their access to

The DDoS
attack
prevents
individual
owners
from
accessing
their
networks.

Clicking on
the
unrecognized
email links
by the
employees in
healthcare
leads the
suffering in

A data breach
occurs when
information is
taken from a
system
without the
authorization
or knowledge
of the owner.

3

users from
accessing
them.
Messages are
then sent to
the owners
demanding
large sums of
funds for the
decryption
key
(Coventry &
Branley,
2018).

confidential
information to
the healthcare
organization,
exploiting their
credentials or
causing harm
and financial
gain in the
system.

the entire
sector by
allowing
cybercriminal
s to access
the
organization’s
networks. By
clicking the
links, the
virus enables
the attackers
to track the
owner’s
online
movement,
hence
obtaining the
data.

Source,
Drive, or
risk drive.

Ransomware
is spread
through
phishing

Sources of
insider threats
include former
or current

Application
layer attack
is the main
risk drive of

The email
phishing
occurs when
the attackers

Hacking
attacks are the
most common
driver of data

4

emails and
drive-by
downloading
.

employees who
have access to
critical
information in
the system.

DDoS masquerading
as the trusted
entities lure a
victim into
opening text
messages,
email, or
instant
messages

breaches.

Likelihood Ransomware
is the fastest-
growing
security
threat. The
experts of
cybersecurity
ventures
predict that
one attack
may take
place every
11 seconds
in 2022

The latest
finding from the
Verizon data
breach report of
2021 indicates
that insider
threats are
responsible for
approximately
22% of security
actions.

With the
massive
growth in
blocked
malicious
events, it is
difficult for
DDoS
attacks
might
disappears
soon. th

The findings
suggest that 1
in every 4200
messages are
phished
emails. About
65 target
groups rely
on phishing
as the basic
infection
vector.

The likelihood
of
experiencing a
breach within
two years is a
31% increase
in the odds.

5

Organizatio
n impact

Ransomware
leads to
increased
losses in the
healthcare
sector,
including
organization
al data.

The insider
attacks cause
healthcare
professionals
and clients to
lose confidence
in the system’s
ability to protect
health secrets,
personal
information, or
other critical
ideas (Coventry
& Branley,
2018). A loss of
confidence
results in a loss
of effectiveness
of the
healthcare
system.

The DDoS
attack
causes
monetary
loss and
server
outages and
puts IT
professional
s under
pressure to
return the
resources
online.

Phishing
emails impact
organizations
through data
loss, financial
penalties, loss
of customers,
and damaged
reputation.

Health care
sectors that
experience
data breaches
make
professionals
consume more
time resolving
the cases, thus
ignoring
patient care.

Risk
Response

Ransomware
attacks are

Insider threats
impact

The right
preventions

The risks of
responses to

To respond to
data breach

6

responded to
by reporting
the attacks to
the boards,
perspectives
customers,
and
regulators.

approximately
22% of cyber
security issues
and
detections
methods
help stop
DDoS
events
before
proceeding
to gain
momentum
to topple the
heal care
systems
network.

phishing
emails entail
compromisin
g email
accounts and
introducing
malware into
phishing
victims’
networks and
computers,

cases, first,
one should
investigate,
follow breach
communicatio
n processes,
and integrate
relevant
documents
concerning
the data
breach.

Owner Ransomware
is owned by
Russian –
linked
hackers.

The insider
threat is owned
by Shawn
Thompson, the
CEO and the
founder of the
management.

Dmitry
Sabitov and
Evgeny
Marchenko
own DDoS.

The CEO
fraud owns
the
cyberattack in
which
fraudsters
invades
organization
executive via

The data
owner is the
organization
using the
cloud. The
breach also
leads to the
compromising
of critical data

7
email. relating to the
healthcare
system (Kruse
et el., 2017)

Opportunity Ransomware
enables the
cleaning of
infected files
in the
computer
and avoids
spreading
infections to
other
computers.

Insider threat
creates
opportunities
for protecting
information for
easier
circumnavigatio
n of security
measures.

DDoS
opportunity
is evident
by
establishing
Corero
Network
Security in
the annual
study of
services
givers with
drivers’
objectives,
barriers, and
benefits to
improved
DDoS

The email
phishing
opportunity is
fueled by
employees’
lack of
training,
focusing on
phishing and
ransomware,
leading to the
attack’s
success.

Big data has
resulted in
new
possibilities
for
cybersecurity
teams and
allowed
cybercriminal
s to acquire
personal; and
sensitive
information
through
advanced
technology.

8

protection.

Key Risk
indicators

Signs of the
ransomware
risk entail
name file
extension
with the file
names.

Risk indicator
for insider
threats includes
repeated
attempts to
download
sensitive data
and unusual use
of applications
(Jalali et al.,
2019).

Risk
indicators
for DDos
are out-of-
band
detections
through the
traffic flow
method and
examination
of all data
packages.

The most
common risk
indicators of
a phishing
email are
grammar,
tone, urgency
in the subject
line, and an
email
message.

The data
breach risk
indicators
entail
regulatory
changes,
economic
downturn, low
staff
satisfaction,
and security
breaches.

The focus of Analysis

The primary focus of risk analysis is to identify gaps in information security and then
take measures to eliminate security threats. The analysis also aims to protect and improve patient
safety by eliminating clinical data breaches and reducing medical errors. The healthcare
organization uses electronic healthcare records (EHR) and Electronic Medical Records (EMR)
systems to collect, store, and retrieve patient clinical data and these systems are at risk of a data
breach. EHR consolidates patients’ clinical information into a digital format allowing access to
only authorized users; however, hackers may get access to this information hence risking the

9
safety and confidentiality of the patient data (Coventry & Branley, 2018). While EMR is used
within the healthcare organization, EHR can be shared between different healthcare
organizations; hence it is at high risk of data breaches and cybersecurity issues. Therefore, the
risk analysis is key to ensuring that the healthcare information system such as EHR and EMR is
secured to protect patient data from cybersecurity issues and access of this data by unauthorized
individuals.

Resource Requirements and Relationships

Several resources will be required to mitigate ransomware, email phishing, data breach,
DDoS Attacks, and inside threats. Firstly, there will be a need for adequate funds to hire
professional technicians to install firewalls and antivirus software to protect patient privacy and
clinical information at high risk of cybercrimes. Additionally, the healthcare organization will
need skilled and tech-savvy healthcare providers to eliminate the problem of email phishing;
therefore, there will be a need for funds to hire and train the healthcare providers to avoid
clicking on the unauthorized links that may lead to access of patient information by unauthorized
users. The information system risks identified significantly impact other processes in the
healthcare organization. For instance, when ransomware, DDos, and Data breach occurs, the
clinicians may not have access to patient treatment information and may lose track of their
patient’s appointments, increasing the risk of medical errors, which threatens the safety and
quality of health care services. Also, email phishing may lead to unauthorized people accessing
patient data; hence patient privacy and confidentiality will be jeopardized. Finally, insider threats
may affect financial crisis as ill-motived personnel or former employees may have access to
healthcare organization confidential data such as financial transactions and profit from it by
diverting the funds meant for facility operations.

10

Justification of Risk Ranking

Ransomware is a severe security problem that affects thousands of healthcare systems
each year. The second threat is the insider threat, which is triggered by employee acts and
produces 25% of the sector’s damage. Many data indicate that 62 percent of employees access
system accounts, interfering with privacy. The third security threat is distributed denial of service
(DDoS), which causes significant harm by prohibiting owners from accessing their networks.
The third threat is email phishing, the most common and damaging danger to healthcare sectors,
causing even greater losses. Finally, a data breach is merely a threat that does less damage than
other security threats. A data breach occurs when information is taken from a system without the
owners’ authorization.

Organizational Recommendation and Security – Related Actions
To solve the issues involving cyber-attack in an organization, reporting the attacks to the
boards, regulators and customers are essential. Also, the right prevention and detection methods
may help stop DDoS before they overwhelm healthcare systems (Jalali et al., 2019). Email
phishing threats can be mitigated by training staff and patients to avoid clicking suspicious
emails, using strong passwords and updating software. Lastly, an organization can mitigate data
breach risks through encryption and data back-up, regular risk assessments to identify potential
loopholes, updating security software, staff awareness, training, and ensuring partners and
vendors follow high data protection rules.

11

Impacts of Cybersecurity Threat on Organization and Opportunities Created by

Risks

The five security threats have a significant influence on enterprises. Firstly, ransomware
can lead to losses in the healthcare business, particularly financial. Additionally, insider threats
can cause healthcare professionals and clients to lose confidence in a healthcare organization’s
ability to preserve private information and other critical data. Finally, security threats can cause
data loss, financial fines, customer loss, and time wastage when resolving cybersecurity attacks.
The data-driven economy, cybersecurity job opportunities, and harnessing technical expertise are
examples of how security threats produce opportunities. Cyberattacks also bring new business
methods, new economic opportunities, and innovative approaches to make a significant
difference in the healthcare industry.

Summary of Key Findings

Cyber security has been a source of concern, and criminals have taken advantage of the
pandemic. When healthcare resources were severely constrained at the height of the pandemic,
and most efforts were directed at containing the virus and managing patients, cybercriminals
made numerous attacks against healthcare staff, patients, and organizations. Security threats such
as ransomware, phishing, data breach, and denial of service have become increasingly prevalent,
posing a major threat to the healthcare system. The emerging risks have a far-reaching impact,
threatening patient data privacy and confidentiality as unauthorized individuals can easily access
patient clinical data. The risks also threaten to increase the cost of healthcare organization
operation as there is a need to develop secure information security systems for EHR and EMR
systems used in the healthcare organization. However, the risks can be reduced by hiring
professional technicians to install a firewall and strong anti-virus and strong passwords to

12
prevent risks such as ransomware, DDoS, insider threats, data breach, and email phishing. The
risks presented healthcare organizations with an opportunity to improve employees’ technical
expertise by adopting innovative approaches such as installing strong passwords, firewalls, and
anti-virus to prevent the risks associated with cybercrimes.

13

References

Coventry, L., & Branley, D. (2018). Cybersecurity in healthcare: A narrative review of trends,
threats, and ways forward. Maturitas, 113, 48-52.
Jalali, M. S., Razak, S., Gordon, W., Perakslis, E., & Madnick, S. (2019). Health care and
cybersecurity: a bibliometric analysis of the literature. Journal of medical Internet
research, 21(2), e12644.
Kruse, C. S., Frederick, B., Jacobson, T., & Monticone, D. K. (2017). Cybersecurity in
healthcare: A systematic review of modern threats and trends. Technology and Health
Care, 25(1), 1-10.