MSB warns of cyber threats: may hijack records

The attackers’ new method is to establish themselves on the network before attacking and encrypt files. Stock Photography.Image: Jenny Kane / AP / TT

Ransomware attacks involve hackers hacking and hijacking all or part of a company’s IT system. Information in the system is encrypted, impossible for employees to access. Thereafter, the perpetrators threaten to release the confidential information unless a ransom is paid.

The blackmail programs would likely affect healthcare more than other sectors, says Peter Jonegård, a unit manager at Cert-se, which helps society deal with and prevent IT incidents.

The healthcare sector has previously shown that it is capable of managing when medical record systems go down by activating so-called continuity plans. So the handling must be done more via paper and telephone, and it also becomes very cumbersome for the staff. If an attack were to take place now during the corona pandemic, an already strained business would be affected.

– Everything gets a little more complicated when you don’t have the usual computer support. And they don’t have as many staff, says Peter Jonegård.

Recently, US authorities, including the FBI, warned the healthcare sector in the US about the increase in threats from ransomware players. Therefore, CERT-SE, which is a function within MSB, launched an information campaign in June, targeting healthcare providers, technicians, and decision makers in the regions of the country. According to Peter Jonegård, it is about taking precautionary measures to protect the regions’ networks.

– What we are doing now is sending more specific information to hospitals and regions that adapt to this threat. We analyze the tools of ransomware campaigns and provide information on how to protect yourself and also detect possible intrusions, says Jonegård.

For a year, the blackmail attempts have changed character. Previously, perpetrators seized a computer when, for example, an employee clicked on a link in an email. The files on the computer, which were often visible to the user, were then encrypted.

Recently, criminals are trying to find a way to intrude, it may be through a vulnerability in a server or, as before, through email, to open a back door in the computer so that they can get back into the IT environment. It does not encrypt the files at the same time, but make sure you become a system administrator so that, for example, you can delete the backups first. They then try to spread the encryption over local networks.

– You establish yourself in the net before attacking, says Peter Jonegård.

According to the MSB, this is what healthcare must be prepared for, for example by taking technical measures. Together with the police, security police and the Swedish Armed Forces radio station, MSB has previously produced recommendations on how you can increase resistance to attacks in healthcare.

IT security in the healthcare sector is neither worse nor better than in any other sector, according to Peter Jonegård. Because there are so many different care providers with subcontractors, it is highly variable.

– There are those who have great teams that work with this, which is a great area of ​​contact for us. Then there are those who don’t have the resources for this, perhaps smaller organizations. Like most other companies, functionality or accessibility comes first, and it’s hard to count IT security until something has happened.