Healthcare has been one of the most severely impacted industries by the still-menacing COVID-19 virus. The sudden global pandemic created a surge in demand for clinical care, medical equipment, healthcare technologies and eventually - a solution. All of these and more rely on information technology. From making appointments and delivering healthcare to patients, to using internet-connected medical devices and developing vaccine research, COVID-19 response is vulnerable to cyber attacks on all levels. Being by far the most pressing issue today, it comes as no surprise that attackers are exploiting the difficult situation healthcare institutions are facing to wreak havoc and cash in on their struggle.

Last week, Universal Health Services, confirmed that the ransomware attack on their networks on September 27^th affected computers at all of their US care sites and hospitals. The ransomware that hit UHS, one of the largest health systems in the US, is the infamous Ryuk, which has been wreaking havoc in targeted ransomware attacks since 2018. During the attack, the Ryuk began shut down systems in the emergency department, as well as additional systems causing some ambulances had to be diverted, and lab test results became delayed. Technicians at some UHS-owned facilities described reverting to pen-and-paper during the attack.

In the third quarter of 2018 alone, 4.4 million patient records were compromised across 117 disclosed health data breaches. This shows that health care continues to be targeted by criminals. The largest breach was UnityPoint, with 1.4 million records compromised.

ThreatSTOP CEO and Founder Tom Byrnes recently spoke with SC Magazine about the inherent security risks of IoT devices in the healthcare industry.