Health-ISAC Report Explores Current and Emerging Cyber Threats to the Healthcare Sector

Ransomware and phishing continue to be the biggest cybersecurity concerns for healthcare organizations according to the February 2023 Current and Emerging Healthcare Cyber Threat Landscape report from Health-ISAC. The report, a collaboration between Health-ISAC and Booz Allen Hamilton Cyber Threat Intelligence (CTI), identified the key threats to the healthcare sector and is based on responses to a November 2022 survey of executives across Health-ISAC, CHIME, and the Health Sector Coordinating Council.

Biggest Cybersecurity Concerns in Healthcare

Survey participants were asked to rank the biggest cybersecurity concerns for their organizations retroactively for 2022 and looking forward for the remainder of the year. Ransomware was the biggest concern for 2022 and 2023 with phishing and spear phishing in second. Third-party/partner breaches, data breaches, and social engineering rounded out the top 5, with social engineering now replacing insider threats as the 5th biggest concern, compared to 2022 when the report was last published.

Ransomware is expected to be the biggest threat for years to come because, while more is now being done to disrupt ransomware gangs and bring threat actors to justice, the returns cybercriminal gangs make from conducting attacks far outweigh the costs. Attacks will continue to be conducted for as long as they are profitable, although with fewer victims paying ransoms, cybercriminal groups are starting to diversify their income streams. Phishing is also likely to remain a major threat for years due to the low cost and effectiveness of these attacks for gaining initial access to healthcare networks.

Medical device cybersecurity is of significant concern as the number of devices used by hospitals continues to increase. Medical devices often have multiple vulnerabilities, run on outdated operating systems, and provide an easy access point into healthcare networks. Healthcare organizations with a higher percentage of connected medical devices experience more cyberattacks and are more likely to experience multiple attacks. Healthcare organizations need to improve medical device security, and the best place to start is by ensuring that risk assessments are regularly conducted, patches and updates are applied promptly, and devices with weak or default credentials are identified and updated.

The report draws attention to threats related to geopolitical activity such as the Russia-Ukraine war, which has seen increasing numbers of cyberattacks on organizations with links to Ukraine. In addition to attacks on the Ukrainian government, Russian hackers have been targeting companies that are perceived to be supporting Ukraine, conducting business in the country, and even targeting companies that have withdrawn operations from Russia. Chinese hackers are conducting attacks on behalf of the Communist Party of China (CPC) to obtain intellectual property aligned with China’s 5-Year Plan, and North Korean hackers have been targeting U.S. healthcare organizations for financial gain – through ransomware attacks – and for espionage purposes.

Emerging Threats to the Healthcare Sector

The report highlights two emerging risks that are expected to plague the healthcare industry in 2023 and beyond – product abuse and synthetic accounts. Internet-facing products such as web login portals and APIs are easy targets for threat actors using compromised credentials, and billions of credentials that have been captured through malware, phishing, and data breaches are freely available on criminal forums. These credentials are being used to gain access to healthcare networks for ransomware attacks and obtain patient data for financial gain.

Synthetic accounts have been a problem in several sectors for many years but there is growing evidence that synthetic accounts are being used for healthcare fraud. Synthetic accounts can be created using the huge amount of PII available on dark web forums and are typically strengthened over months or years to increase the success rate of attacks. These accounts are used to fraudulently obtain loans and make large purchases but are also being used for paying for medical billing and other health-related activity. Cybercriminals are creating fake medical providers and other business accounts to bill insurers and the government for services that are never received and this form of fraud is likely to increase throughout 2023.

“Customer-facing products are routinely targeted by attacks designed to extract data with crimeware that threat actors have customized to look and feel like a legitimate customer—whether a consumer, industry practitioner, or third party,” said Health-ISAC in the report. “Preparing for these attacks requires properly aligned controls at the network, application, authentication, and risk layers to protect organizational data and reduce the risk of credential stuffing, account takeovers, carding attacks, and unhealthy account creation.”

Health-ISAC members can download the TLP: Green report for more detailed information, and a TLP: White summary has also been released; both can be downloaded from this link.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com