Cybersecurity in the Healthcare Industry: Actionable Intelligence for an Active Threat Landscape
Executive Summary:
The healthcare industry is characterized by highly specific challenges that give rise to a unique cybersecurity risk profile. The nature of health-related data makes it highly valuable and attractive to attackers, who exploit its confidential nature to target payers, providers, and other entities within the healthcare ecosystem.
In 2022 alone, the U.S. Department of Health and Human Services reported more than 28.5 million breached healthcare records, a significant increase from 21.1 million in 2019. These breaches have had severe consequences, as exemplified by notable incidents like the MediBank data breach, impacting 9.7 million customers, the ransomware attack on PharMerica, which exposed medical data of 5.8 million patients, and the unfortunate case of SMP Health, a hospital that had to shut down due to its inability to recover from a ransomware attack.
Due to the sensitive nature of healthcare data and the regulatory requirements that healthcare organizations must comply with, the financial impact of a breach in the healthcare industry far surpasses other industries. In 2022, the average cost of a data breach in healthcare was $10.1 million, which is more than double the industry average of $4.4 million, according to data from the Ponemon Institute.
Given these circumstances, and the broader implications of patient safety, it is crucial for the healthcare sector to minimize its risk exposure and prioritize protection measures. To address these pressing concerns, Trustwave SpiderLabs has developed a threat briefing that examines the multitude of threats that pose challenges to the healthcare industry and offers an in-depth analysis of a targeted attack flow specific to the healthcare industry.
The following Executive Summary offers a preview of the comprehensive Trustwave SpiderLabs Healthcare Threat Briefing:
Emerging and Prominent Trends in the Healthcare Industry
- Generative AI and Large Language Models (LLMs): Unique implications and risks due to the sensitive nature of the data potentially being shared with these tools.
- Ransomware Groups Targeting Healthcare: Threat groups previously considered healthcare-related targets off-limits, or protected, but are now widely attacked.
- Software Vendor and Internet of Things (IoT) Exposure: The risks associated with third-party vendors and the proliferation of Internet of Things (IoT) devices in healthcare further amplify the potential attack surface and vulnerability of the industry's infrastructure.
Cybersecurity Challenges Unique to the Healthcare Industry
- Custom Applications: Healthcare organizations rely heavily on custom applications that often lack adequate security testing and code auditing, leading to undiscovered vulnerabilities.
- Third Party Reliance: Healthcare entities commonly engage with numerous third parties, further expanding the number of endpoints and users involved, thereby contributing to a growing threat surface.
- Internet of Things: The healthcare industry typically has a higher number of connected physical devices, such as heart monitors and imaging hardware, which often prioritize functionality over software security.
- Compliance: Healthcare organizations are often hesitant to implement changes quickly due to concerns about compliance with oversight agencies and compatibility issues with existing software and hardware.
- Patient Care: The focus on patient safety and avoiding unexpected disruptions, like system crashes, leads healthcare organizations to be more cautious about adopting software patches or making changes that could jeopardize patient care.
Prevalent Threat Tactics and Threat Actors Operating Across Healthcare
Threat Actors
- LockBit 3.0
- ALPHV/BlackCat
- Clop
- DMAlocker
- Royal
- Babuk
- Magniber
- BlackBasta
- RansomHouse
- Phishing/BEC
- Vulnerability Exploitation
- Logging In with Valid Credentials
(Unsecured, Default, Low Complexity, or Purchased) - Existing Tools (Powershell, LOLBins)
- Webshells and Stolen Sessions
- Malware (Infostealers, RATs, Ransomware)
- DDoS
Healthcare Attack Flow Analysis
The report provides an analysis of the attack flow specific to the healthcare sector, incorporating insights from the Trustwave SpiderLabs team.