Phishing is on the rise in Spain, especially attacks exploiting the COVID19 pandemic. Spain’s health system is an attractive target for cybercriminals. Health-service providers, pharmaceutical and insurance companies and health centers all harbor between them a host of data on people’s health, plus information on the development of new drugs. If stolen, this data could impinge directly on patient care, the privacy of clinical test participants, industrial propriety or even the professional-association membership number of a medicament-prescribing doctor
GMV’s cyberthreats intelligence team is on the constant lookout for any malicious activity and has passed on a warning to Spain’s health system. Juan Ramón Gutiérrez, Head of Threat Intelligence explains that “Between 60% and 70% of threats use social engineering as their entry vector, taking advantage of human weakness and curiosity, need of information and fear of COVID19 or an altruistic urge to help or find out more”.
He likewise points out that, according to the figures of Trend Micro for the current year, “Spain ranks ninth in the main countries hosting COVID19-related malicious URLs, used for phishing campaigns or for the purposes of cybercrime. GMV Cyberthreat Intelligence team’s monitoring figures show, as can be seen in the graph below, that “phishing is the commonest form of attack, hosted in emails, SMSs or WhatsApp messages”. This responds to the main aim of “stealing the data of patients or healthcare staff”.
State of cybersecurity in Spain’s health system
After analyzing the map of the state of cybersecurity in Spain’s health system, GMV’s experts have drawn the following conclusions: 1) the obsolescence of their technological equipment leaves the door open to threats exploiting vulnerabilities stemming from lack of support; 2) the current design of healthcare networks does not fit in with the new ICT-intensive scenario, whereby critical activities (digital diagnosis- and monitoring-equipment, data and historical record storage systems, appointment management services, surgeon agendas, transplants, etc) are all open doors to cybercriminals; 3) The coexistence in certain public access network centers (Wi-Fi) of personal healthcare-personnel equipment sets up indirect nexuses through which cybercriminals can obtain data for their illicit ends; 4) hackers might be able to penetrate any healthcare network nodes with malware capable of totally or partially interrupting a center’s normal activity (e.g., balking access to medical records, altering the configuration or losing access to electro-medicine equipment or, simply, disrupting the appointments system of a hospital’s external consultation system).
To head off such situations, GMV’s Cyberthreat Intelligence team insists, among other measures, on the importance of the company’s top-down “concentration on prevention rather than merely detection: Reinforcing teleworking cyber-protection measures, such as secure VPNs or web filtering; ensuring proper updating and patch-application management; monitoring own and third-party vulnerabilities and implementing multifactor authentication by means of SMS, Google Authenticator or any other method”.
To deal with any cyberthreats GMV runs a Computer Emergency Response Team (CERT) to offer its clients monitoring services of infrastructure, auditing, code analysis for security validation in the application development lifecycle, cyber-intelligence services to identify threats before they can be used against targets, forensic services for post-mortem attack analysis and compliance- and consultancy-services.