
Multiple Research Institutions Targeted by Hackers, Millions of Personal Records Breached

DuShanNi Sun, Mar 31 2024 10:38 AM EST

This is every researcher's worst nightmare. An unfamiliar email, an unknown link, a casual click of the mouse, and years of laboratory data are instantly encrypted, rendered inaccessible. Out of this virus-infected chaos emerged the "Patient Zero." In recent years, several hacker groups have launched cybersecurity attacks on world-renowned universities and research centers. The list of academic institutions that have fallen victim to hacking is alarming, including one of America's most advanced medical centers, the University of California, San Francisco (UCSF) School of Medicine; one of the world's top cancer research institutions, the Fred Hutchinson Cancer Research Center in Seattle; one of the largest science museums in the world, the Berlin Natural History Museum in Germany; the Atacama Large Millimeter/submillimeter Array (ALMA) Observatory in Chile, the largest radio telescope array in the world; the Japan Aerospace Exploration Agency (JAXA); the University of Wollongong in Australia, and one of the largest academic libraries in the world, the British Library in London. However, this list is just the tip of the iceberg, as academia is under siege by hackers.

Infiltration and Theft: Just the Tip of the Iceberg

In fact, many academic institutions may have been targeted by hackers but have yet to publicly disclose such breaches. Ildeberto Aparecido Rodello, Director of Information Technology Center at the University of São Paulo's Butantan Institute, said, "At the University of São Paulo, hackers attempt to breach security protocols every day." The European Organization for Nuclear Research (CERN), located on the border of Geneva, Switzerland, faces similar challenges in cybersecurity. Stefan Lueders, Head of Computer Security at CERN, said, "We have been fortunate not to have suffered any intrusions in the past few years that could be qualified as such. However, external attackers are constantly looking for vulnerabilities or loopholes in the center." According to James Fleming, Chief Information Officer at the Francis Crick Institute in London, the scale of such actions is hard to grasp. "The vast majority of large-scale cyberattacks are automated by cybercriminals, and their operational efficiency is very high. Our firewall data shows that bots attempt to log into accounts and systems with different passwords at a rate of tens of thousands per week, or try to find vulnerabilities," he said. Universities and other research institutions are often seen as "soft targets" by cybercriminals: these institutions thrive on data sharing and openness and have large and highly mobile staff, but many prioritize system accessibility over cybersecurity. Sarah Lawson, Chief Information Security Officer at University College London (UCL), said, "We are here to share research findings, so our design is open. But this makes us vulnerable to cybercrime." "In recent years, educational institutions have become prime targets for cyber attackers. The data tells us that such situations are worsening," she said.

Held Hostage: Ransom in the Millions

Lawson likened cybersecurity to a "whack-a-mole game": attackers continually seek out new vulnerabilities to exploit, while universities, lacking financial support for network defense, find themselves at a disadvantage in the ongoing struggle against cyberattacks. When an attack succeeds, the consequences can be disastrous. For example, in a ransomware attack, valuable files may be stolen or encrypted, rendering them inaccessible unless the file owner pays the attacker. "Your choices are really quite limited: either wipe everything and take the hit, or eventually incur financial losses," Fleming said. UCSF's systems were targeted in a hacker attack in 2020, and the university opted for the latter solution: paying a ransom of $1.14 million to restore the School of Medicine data that hackers had compromised. Fleming also noted that if all data were backed up and no sensitive data leaked, the first solution might be preferable. However, this depends on the scale of the attack and the preparedness of the academic institution under attack. "If you insist on wiping all machine contents and reformatting all hard drives and then rebuilding, it could take a week," he said.

In October 2023, a hacker group named Rhysida launched a cyberattack on the British Library, rendering all internet-accessible content, including the institution's website, phone systems, and digital collections, inaccessible. As the British Library refused to pay the ransom, Rhysida listed about half a million confidential files from the library for auction on the dark web in November of the same year, including the names and email addresses of library staff and users, with a starting price of 20 bitcoins (then approximately $800,000). Following the incident, the British Library embarked on a comprehensive technical rebuild and recovery of its digital infrastructure. A spokesperson told Nature magazine, "This work is now accelerating," adding that the duration and cost of completing the rebuild and recovery are still unclear. However, the Financial Times estimated the cost at around £7 million ($9 million). Previously, in October 2022, the ALMA Observatory also suffered a cyberattack, and it took "almost seven weeks" to recover, according to Jorge Ibsen, head of the observatory's computing department.

However, cyberattacks on academic institutions do not always end with paying a ransom or rebuilding digital infrastructure. Paying a ransom does not necessarily prevent attackers from leaking or weaponizing data, and it may also result in legal consequences. For example, in November 2023, the Fred Hutchinson Cancer Research Center experienced a data breach exposing personal information of about one million patients to hackers. Additionally, cancer center patients received threatening emails from hackers, leading some affected individuals to file a class-action lawsuit against the center.

Healthcare: Prime Target

Professionals working in the healthcare sector often face significant cybersecurity risks. Anthony Cartwright, an anesthesiologist at Cleveland Clinic Abu Dhabi in the United Arab Emirates, states, "Healthcare systems are currently among the top targets for hackers, as there is financial gain to be made from accessing health records." He published a study on cybersecurity risks in healthcare in April 2023, highlighting that the frequency of Protected Health Information (PHI) data breaches in the United States has steadily increased since 2009, with a roughly 40% rise between 2018 and 2019. Each breach has the potential to expose thousands or even millions of individual patient records.

Figure: Development Trends in PHI Data Breaches, Healthcare Hacks, and Unauthorized Access in the United States since 2009

Source: Anthony Cartwright's paper

Cartwright found that certain cybersecurity vulnerabilities emerged during the COVID-19 pandemic. During this period, many hospital employees worked remotely, "using insecure personal networks to access hospital network systems, and their home electronic devices were shared with family members." In most cases, these systems remained unpatched. Consequently, any hacker attacks or malware could infiltrate hospital systems through employees' personal access, thereby increasing the cybersecurity threats faced by hospitals. Meanwhile, malicious actors have become increasingly sophisticated. While some hackers act for entertainment or to advance political agendas (for example, some hackers target scientists engaged in controversial research), cybersecurity professionals are increasingly concerned about nation-state cyber attackers aiming to disrupt critical infrastructure stability or steal intellectual property.

Be Prepared: Preventive Measures

Regardless of hackers' motives, no one wants to become their target. Lueders advises: "Stop and think before clicking on links!" This is a method to prevent most hacker attacks. So what should be done when cybersecurity incidents harm personal interests? Cybersecurity experts recommend immediately cutting off power and disconnecting devices upon discovering a hacker intrusion, communicating with cybersecurity experts, and seeking professional advice. Prevention is always better than cure, and a well-prepared individual can become a powerful firewall. "Regularly update your software; implement firewall and antivirus solutions; control access to and permissions on your systems; encrypt sensitive data," says Rodello. He even suggests hiring cybersecurity experts for regular audits while providing guidance to enhance digital security in laboratories. Lawson believes that cybercriminals have excellent skills in manipulating targets. "They are the world's 'best' psychologists. They use various techniques from books to find ways to make money from you, and they are very good at it," says Lawson. One trick to avoid data loss is to back up data to a secure location, preferably off-site. Additionally, do not overlook software you have developed yourself. "Ideally, people would use compliant software libraries and test to ensure software security. But some people overlook security considerations when developing software," says Lawson. Lawson realizes that outstanding researchers are highly focused on their work, but they rarely notice one fact: many cybercriminals are trying to disrupt their lives.

Reference Links:

  1. https://www.nature.com/articles/d41586-024-00818-x
  2. https://www.nature.com/articles/d41586-024-00323-1
  3. https://www.seattletimes.com/seattle-news/health/email-threats-to-patients-escalate-after-fred-hutch-cyberattack/
  4. https://link.springer.com/article/10.1007/s10877-023-01013-5