Health care is one of the top targets for cyberattacks. Hackers are after healthcare data, intellectual property and PHI.
The information hackers steal from healthcare organizations is incredibly valuable. It can be sold for ten times more than stolen credit card numbers.
Many of the internet-connected devices that medical facilities use require strong cybersecurity protection. Otherwise, attackers can gain access to the network and attack more important servers.
Medical Information Theft
Medical information is among the most valuable types of data for cybercriminals. It sells for a higher price in the underground markets than credit card information or Social Security numbers. This is why the healthcare industry is a top target for cyber attacks.
Attackers hack medical systems and devices through unprotected networks, insecure remote access, and outdated technology. Many healthcare organizations are stretched thin and may lack the time or resources to implement secure working practices and strong cybersecurity in health care. This allows attackers to take advantage of staff members and access patient data, systems, and equipment.
In addition, a cyberattack on a healthcare system may lead to the loss or theft of medical records, resulting in delayed or denied treatments and financial losses for patients. Identity thieves can also use stolen information to receive prescriptions, purchase medical equipment and devices, file fraudulent insurance claims, and more.
Another serious threat is unauthorized access to medical devices such as insulin pumps, defibrillators, and pacemakers. These devices are connected to centralized systems and have complicated firmware that is difficult to update. They can be hacked to steal data, inject malware into the hospital network, and change device settings, which could harm patients.
DDoS Attacks
Healthcare organizations host large amounts of patient data and networked medical devices that rely on a secure system. This makes them attractive targets for attackers.
For example, personal information like patient names and addresses sells for a high price on the Dark Web and can be used to commit identity theft or insurance fraud. Research hospitals also hold valuable intellectual property that hackers could use to gain a foothold in the system. They may then encrypt the information with ransomware, demanding a payout from the victim to regain access.
Hackers also leverage existing vulnerabilities within healthcare systems to create a backdoor into the network. For example, legacy workstations and networked medical devices are often overdue for updates and carry unpatched vulnerabilities that cybercriminals can exploit.
Healthcare employees also open themselves up to attack when they don’t follow HIPAA regulations or fail to update their cybersecurity systems. For instance, phishing attacks and info stealer malware can compromise healthcare employees’ computers and steal login credentials for their hospital systems.
As a result, healthcare organizations are more vulnerable to DDoS attacks, which are designed to flood an organization’s server with junk data to keep it from working properly. These attacks are typically conducted with rented botnets.
Ransomware Attacks
Healthcare organizations are heavily reliant on data and networked systems to provide care. They contain a treasure trove of sensitive information, making them attractive targets for ransomware attacks, which encrypt systems and hold the data hostage until an attacker’s demands are met. Healthcare systems are also susceptible to attacks from malware other than ransomware, such as info stealer infections that steal login credentials.
A rash of changes since the pandemic, including new staffing models, telemedicine, and remote work, has also increased vulnerabilities. Economic setbacks have also caused some hospitals to cut cybersecurity resources, making them easier prey for cybercriminals.
This combination of factors has increased healthcare ransomware attacks over the past two years. A cohort study that analyzed data from dozens of healthcare organizations found that attacks are growing in frequency and sophistication.
The study used a unique methodology that scraped the web for both formal data breaches reported to HHS’s Office for Civil Rights and informal points of evidence like stolen data posted on the dark web. The results revealed that ransomware had been the leading cyberattack on healthcare organizations over the past two years.
Gone are the days when most ransomware attacks were the commodity “spray and pray” variety, where attackers used phishing expeditions to trick employees into clicking on a malicious link or opening a tainted document. Today, the threats against healthcare are more targeted and complex and resemble APT operations.
Business Email Compromise (BEC)
Business Email Compromise is one of the most pervasive cyber attacks targeting executives and employees. According to the FBI’s Internet Crime Complaint Center (IC3), reported losses from BEC have reached $26.2 billion. The attackers aim to get a trusted confidant to send money or sensitive data to fraudulent accounts. Attackers do this by impersonating high-level executive personnel or using other tactics like creating a sense of urgency.
The attackers often perform extensive surveillance on the target organization by studying emails and other business processes. They also may mine websites and social media to research names and roles in the company. Once they understand the company’s business process and typical email patterns, attackers zero in on individuals to target. These are generally executives, law enforcement officials and accounting department staff. The attackers then use phishing emails and other tactics to obtain the information they need to complete their attack.
To avoid falling victim to a BEC attack, it is essential to implement comprehensive threat detection and mitigation technologies. These should include Zero Trust architectures, which rely on identity protection, risk-based multi-factor authentication and next-generation endpoint security to verify an individual’s access to applications. These should be combined with robust data loss prevention policies that allow real-time access revocation to prevent email account compromise (EAC) attacks.