Moorfields Eye Hospital Dubai launches inquiry into cyber-attack

The healthcare sector remains one of the most attractive targets for cybercriminals, especially as organisations continue to grapple with the COVID-19 pandemic, say experts

Moorfields Eye Hospital Dubai has started an “urgent” inquiry, following a cyber-attack that targeted its servers.

According to local media reports, Dubai patients’ identification information was accessed during the incident. However, the hospital asserts that it does not believe that patient health records have been compromised.

In a message on the hospital’s website, it reiterated that it takes the privacy of its patients “very seriously” and that all affected individuals have been notified and informed about the incident.

Last week, dark web criminal intelligence profiling investigation platform DarkTracer posted a tweet saying that Moorfields NHS UK and Dubai were the target of a cyber-attack.

Moorfields has yet to share details from its investigations, nor has it confirmed who was behind the cyber-attack. However, ransomware group AvosLocker has claimed responsibility for the breach on its website and threatened to release 60GB+ worth of data.

The healthcare sector remains one of the most attractive targets for cybercriminals, especially as organisations continue to grapple with the COVID-19 pandemic. In 2020, more than 102 million healthcare records were exposed as a result of data breaches, according to Tenable’s Security Response Team (SRT).

“The healthcare sector – and hospitals in particular – are prime targets for cybercriminals. The sensitive nature of the information hospitals store, combined with the potential damage that a successful attack could cause to a hospital and its patients, raises the stakes significantly. And since the pandemic, the stakes have never been higher,” explained Werno Gevers, cybersecurity specialist, Mimecast.

Ram Vaidyanathan, Product Manager at ManageEngine, also pointed out how the ongoing war against Covid-19 has added significant pressure to healthcare firms that are already burdened with constantly being targeted by cyber-attacks. “Ransomware has traditionally been a serious challenge for organisations across all industries, especially those in the healthcare sector where confidential medical information is at a great risk of being exposed. Back in 2017, the NHS became a victim of the WannaCry ransomware strain. Ransomware attacks in the healthcare industry are expected to hit record highs in the next few years.

“Like other ransomware attacks, the recent AvosLocker attack in the region, too, can get initial access through a vulnerable RDP port or Microsoft Exchange server, or even through regular phishing mail. Once the ransomware gets into the network, it can target Windows machines including domain controllers and add a .avos extension to files after encrypting them. Few cybersecurity experts had already warned about these players in June 2021, when the ransomware developers started looking for ‘affiliates’ to work with.”

In its latest State of Email Security report, Mimecast highlighted that 75% of organisations in the UAE said they expect an email-borne attack to damage their business, but only 23% had a cyber resilience strategy in place.

“In response to the growing volume of cyber-attacks, healthcare organisations should implement a robust cyber resilience strategy that protects against a broad range of attack types, including phishing, ransomware, and impersonation attacks,” said Gevers.

He also urged organisations to provide regular and ongoing cybersecurity awareness training to equip employees with the knowledge and expertise to identify and avoid potentially dangerous activities, such as clicking on links in emails or downloading dangerous attachments. “This will limit opportunities for ruthless criminals to take critical systems offline and potentially risk the wellbeing of those that can least afford it.”

ManageEngine’s Vaidyanathan echoed this and emphasised the need for healthcare organisations to account for both known signatures of attack and behavioural patterns to defend against ransomware.

“Organisations should specifically look for the initiation of unknown processes, deletions, modifications, renames, movements, and encryption of files,” he said. “They should devise a proactive security strategy to hunt down traces of lateral movement, privilege abuse, and data exfiltration to the internet. Hire experienced, skillful security professionals to pinpoint advanced security threats. The sooner an attack is detected, the less damage and downtime. Deploy and configure security solutions to spot known indicators of compromise (IoCs). Automate threat remediation wherever possible—such as isolating an infected machine or blocking malicious traffic.”
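
The behavioural check described above can be combined with the one known signature the article mentions, the .avos extension. The following is an added example, not code from the article or from any vendor quoted in it: it flags a host and process that renames many files to that extension within a short window. The log format, host names, process names, threshold and window are all constructed assumptions, and events are assumed to arrive in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed file-audit events: time|host|process|action|old path|new path
SAMPLE_LOG = r"""
2021-08-02T10:00:01|ws-014|winword.exe|RENAME|C:\docs\a.docx|C:\docs\a-final.docx
2021-08-02T10:03:10|srv-fs01|svc-task.exe|RENAME|D:\share\q1.xlsx|D:\share\q1.xlsx.avos
2021-08-02T10:03:11|srv-fs01|svc-task.exe|RENAME|D:\share\q2.xlsx|D:\share\q2.xlsx.avos
2021-08-02T10:03:11|srv-fs01|svc-task.exe|DELETE|D:\share\tmp.bak|
2021-08-02T10:03:12|srv-fs01|svc-task.exe|RENAME|D:\share\scan.pdf|D:\share\scan.pdf.avos
2021-08-02T10:03:13|srv-fs01|svc-task.exe|RENAME|D:\share\rota.doc|D:\share\rota.doc.avos
2021-08-02T10:03:14|srv-fs01|svc-task.exe|RENAME|D:\share\ids.csv|D:\share\ids.csv.avos
2021-08-02T10:20:00|ws-022|explorer.exe|RENAME|C:\tmp\x.txt|C:\tmp\x.avos
2021-08-02T11:45:00|ws-022|explorer.exe|RENAME|C:\tmp\y.txt|C:\tmp\y.avos
""".strip().splitlines()

def rename_bursts(lines, suffix=".avos", threshold=5, window=timedelta(seconds=30)):
    """Return {(host, process): peak count} for rename bursts to `suffix`."""
    recent = defaultdict(deque)   # sliding window of timestamps per (host, process)
    alerts = {}
    for line in lines:
        ts, host, proc, action, old, new = line.split("|")
        # Only count files that gain the suffix; ignore files that already had it.
        if (action != "RENAME" or not new.lower().endswith(suffix)
                or old.lower().endswith(suffix)):
            continue
        when = datetime.fromisoformat(ts)
        q = recent[(host, proc)]
        q.append(when)
        while when - q[0] > window:   # drop events that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts[(host, proc)] = max(alerts.get((host, proc), 0), len(q))
    return alerts

if __name__ == "__main__":
    for (host, proc), count in rename_bursts(SAMPLE_LOG).items():
        print(f"ALERT {host} {proc}: {count} renames to .avos within 30s")
```

An alert from a check like this is a natural trigger for the automated isolation step mentioned in the quote; two slow, isolated renames on ws-022 stay below the threshold and are not flagged.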