According to a brief from the U.S. Department of Health and Human Services, at the height of the pandemic, the number of telehealth primary care visits increased 350-fold from pre-pandemic levels. SecurityScorecard and DarkOwl focused the 2020 healthcare report on reviewing the 148 most-used telehealth vendors according to Becker's Hospital Review. The report indicates that telehealth providers have experienced a nearly exponential increase in targeted attacks as popularity skyrocketed, including a 30% increase of cybersecurity findings per domain, notably:
117% increase in IP reputation security alerts
Malware infections -- as part of successful phishing attempts and other attack vectors -- ultimately cause IP reputation finding issues
65% increase in patching cadence findings
Patching cadence is the regularity of installing security patches and is often one of the primary security policies that protect data
56% increase in endpoint security findings
Exploited vulnerabilities in endpoint security enable data theft
16% increase in application security findings
Patients connect with telehealth providers using web-based applications including structured and unstructured data
42% increase in FTP issues
FTP is an insecure network protocol that enables information to travel between a client and a server on a network
27% increase in RDP issues
RDP is a protocol that allows for remote connections, which has seen increased usage since the widespread adoption of remote work
Additionally, DarkOwl's research showed a noticeable increase in mentions of major healthcare and telehealth companies across the dark web since February 2020. There was evidence of prolific and emerging threat actors selling electronic patient healthcare data, malware toolkits that specifically target telehealth technologies, and strains of ransomware that are uniquely configured to take down healthcare IT infrastructure.
The healthcare industry, despite new risks from telehealth vendors, slightly improved its security posture compared to 2019. The industry moved to 9th place out of 18 reviewed industries (up from 10th in 2019.) This is heartening, especially as the industry has been overwhelmed by an influx of patients, limited resources, rationing, and other challenges due to COVID-19.
"While telehealth is an integral part of maintaining social distancing and providing patient care, it has also increased healthcare providers' digital footprint and attack surface, which we see with the increase of findings per telehealth domain, and in factors like endpoint security," said Sam Kassoumeh, COO and co-founder of SecurityScorecard. "It's an indicator that healthcare organizations should continue to keep a focus on cyber resilience."
Mark Turnage, CEO of DarkOwl adds, "Since the onset of the pandemic, cybercriminals are entering the healthcare data selling space which ultimately leads to new risks facing healthcare organizations and their IT supply stream. Threat protection teams must remain one step ahead of potential attackers, especially during this critical time."
About SecurityScorecard SecurityScorecard is the global leader in cybersecurity ratings and the only service with over a million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 1,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, and cyber insurance underwriting. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees, and vendors. Every company has the universal right to their trusted and transparent Instant SecurityScorecard rating. For more information, visit securityscorecard.com or connect with us on LinkedIn.
About DarkOwl: DarkOwl was founded in 2016 with the mission of collecting the broadest dataset of darknet content available in the cyber-defense industry and making that data both accessible and valuable to its clients. By empowering its customers to have eyes on the darknet, DarkOwl enables organizations and governments to fully understand their security posture, detect potential breaches and violations of the law, mitigate them quickly, and investigate even the furthest and most obscure reaches of the internet. www.darkowl.com