They warn of the increase in data theft in hospitals: this is how they do business with your clinical information

Hospital centers have become one of the main targets of cybercrime in times of pandemic. Now, when it seems that we are gradually recovering normality, criminals continue to try to make a killing thanks to the data they steal from patients and then trade with them on the Deep Web. The phenomenon has continued to grow during the first half of 2022, according to the cybersecurity company S21 Sec in its recent Threat Landscape Report. “It may be a one-time thing. In the end, the attacks are related to the campaigns that take place throughout the year, in which the objectives of the cybercriminals change. In the pandemic we were clear that the health sector was going to suffer, and now it seems that the problems are still there, ”explains Igor Unanue, head of technology at S21, in conversation with ABC. According to the company’s study, during the first half of the year, health centers have been the fifth favorite target of cybercriminals who work with ‘ransomware’-type code, designed to hijack the victim’s computers with the aim of get a financial bailout. This sector, according to the report, is only surpassed in the number of attacks received by the technological, industrial, retail and construction sectors. Regarding the main objectives of cybercriminals, S21 points to data breaches, which would allow the criminal to have patient data with which to do business, and in the sale or auction of access to entities in the health sector. Be that as it may, to achieve this they usually use the human error of the workers. “Attacking a hospital is not difficult. They have security measures, but criminals continue to do harm by sending malicious emails and infecting users,” says Unanue. “Human errors are very common, both when you ‘click’ on a message where it shouldn’t be and in data management,” remarks the head of technology at S21. During the first six months of this year, the cybersecurity company has detected a total of 50 data breaches in hospitals and health centers. However, this figure, according to experts, could be higher because some clinics do not report incidents due to ignorance or fear of reputational damage, since the attackers do not announce the sale of the stolen data on blogs or underground forums. Thousands of dollars in auctions By exploiting security breaches in health centers, criminals can access data of all kinds, such as the clinical history of patients, their medical information and even their bank details. “Private data is taken and put up for sale normally. They can also use them to carry out more targeted attacks against the users they belong to,” says Unanue. And it is not the same to receive an anonymous message in which you are asked to ‘click’ on a link, that same email is addressed to the user with names and surnames in addition to other truthful information. In the second case, it is much easier for the Internet user to pique and, in this way, take away more data that may be of interest to the offender. According to S21, the information stolen from a health center is so valuable that they have come across auctions on the Deep Web of hospital centers in the United States, Canada, France or the United Kingdom with an initial price between 3,000 and 5,000 Dollars . MORE INFORMATION news No If you use Zoom, update it: they discover two serious vulnerabilities through which they can spy on you news No A new scam has been detected in Wallapop and Vinted: this is how they can steal your money Among the attacks perpetrated during the first half of 2022, the cybersecurity firm highlights the data breach suffered in January by the Hospital Centro de Andalucía -which caused patient information to be left up in the air- and the one experienced by the American hospital group Shields Health Care at the beginning of June, compromising more than 2 million patients.