In troubled waters the fishermen win, although they can cause irreparable damage to human health, outside the law and outside a range of values that is minimally acceptable to everyone. For this reason, the National Intelligence Center (CNI) warned this Monday of the increasing number and importance of attacks on critical computer systems for the Spanish health system. Since the beginning of the pandemic, hackers have attacked and attempted to hijack data and health-related systems that require payment of a ransom.
The data was made available by the current director of the Spanish Secret Service, Paz Esteban, in the middle of the cybersecurity conference of the National Cryptological Center, the CNI agency responsible for the security of the most critical computer infrastructures in the country. According to this data, the incidents classified as very high risk have doubled since 2019 and the critical attacks have surpassed those of last year.
Most of these attacks correspond to so-called ransomware, a type of computer attack that encrypts the entire contents of a server and demands a ransom from the hacker. It did so on September 9th with Adeslas, one of the country’s top healthcare companies, which was inactive for three weeks: from supplier accounts to medical records, due to a computer attack that hijacked information on its servers. Of your patients. Everything.
Attack on hospitals
It is not the first time that the health system has become a primary target for cyber criminals who, at the beginning of the pandemic, tried to get doctors’ passwords in order to access the World Health Organization system using fake emails they faked a communication after this organism.
In a very simple way, ramsomware technology is based on the fact that someone with access to a particular network usually accidentally runs a computer virus which hides itself and, once activated, is able to encrypt the information it contains. System and make it useless. To get the data back up and running, cyber criminals often demand a reward for a hard-to-track cryptocurrency. A similar thing happened last July to Adif, the public rail infrastructure company whose servers were compromised by a group called REVil. The hackers later requested payment of a ransom for not disclosing 800 gigabytes of data, as reported by El Confidencial.
To avoid this type of attack, top Spanish companies have important security protocols in place that even prevent third-party executables from running or using files without a digital signature within their most sensitive services. The problem is the acceleration of the implementation of the teleworking system due to covid-19, which has opened new security gaps, e.g. For example, using personal terminals that are not subject to the internal security protocols and restrictions that many people work with. Companies and organizations.
According to the data presented by the Ministry of Interior to Congress following a parliamentary request between 2015 and 2019, Spain suffered a single attack on its IT health infrastructures, which took place in 2017. Since then, nothing until the arrival of the Covid. However, in six months, the National Center for Infrastructure Protection and Cybersecurity has identified three major incidents. The most serious of them focused on impersonating the health system itself to deceive doctors, steal their passwords, and then block access to hospital databases, which the cybercriminal failed to accomplish.
Copyright © Grupo Edefa SA Reproduction, in whole or in part, of this article is prohibited without the prior authorization of the publisher.