Flashpoint Year in Review: 2022 Healthcare Threat Landscape

KEY TAKEAWAYS
- The primary motivation for threat actors targeting the healthcare sector in 2022 appeared to be economic, as the sector was significantly affected by data breaches and ransomware attacks.
- According to Cyber Risk Analytics (CRA), at the time of writing, the healthcare sector has experienced 556 data breaches, which have led to the compromise of over 65 million records.
- Ransomware remained a significant threat to healthcare organizations this year. As in previous years, ransomware gangs targeted hospitals or other treatment facilities, knowing that minimizing downtime could have life-or-death consequences, which could make an entity more inclined to pay the ransom demanded.
The health landscape
According to a recent study, more than 20 percent of healthcare organizations surveyed experienced an increase in mortality due to cyber attacks in 2022. Of the nearly 650 organizations included in the study, 89 percent reported at least one attack in the past twelve months, with 43 cyber attacks reported on average. In addition, 20 percent of participants reported being victims of cloud compromise, supply chain attacks, ransomware or phishing.
In our 2020 and 2021 Healthcare Year In Review reports, we highlighted the impact that COVID-19 had on the healthcare sector. This year, our analysts continued to observe general fraud related to the pandemic, such as advertising for COVID-related datasets. Overall, however, the sector was less affected by the pandemic in 2022 than in previous years.
Impact of data breaches on the healthcare system
According to data from the CRA, the health and social care sector was the second most affected by data breaches globally this year, after finance and insurance. So far this year, according to the CRA, the healthcare sector has experienced 556 breaches, which have resulted in over 65 million compromised records in total. These numbers are expected to grow as affected entities retroactively disclose breaches.
The majority of affected entities were hospitals, followed by ambulatory health services and social services.
The effect of cyber attacks on the healthcare system
Healthcare-related advertisements and solicitations remained popular among threat actor communities during this year. Threat actors continued to buy and sell network access to healthcare organizations, pharmaceutical companies, insurance organizations, and third-party resources that store PHI, such as patient data, “fullz” (full packets of personally identifiable information), COVID-19 passports, prescriptions, insurance information, and Medicare data.
Cybercriminals continue to mine data from healthcare organizations to trade on underground markets and forums. The leading forums for discussing such data included the mid-level English-language hacking forum Breach Forums, and the top-level Russian-language hacking forum Exploit. Breach Forums quickly became the English-language hacking forum for threat actors seeking to buy and sell such data in 2022, accounting for nearly 30 percent of all health-related ads observed.

Raid Forums was the third most popular forum for health-related information, although it was seized by US law enforcement in late February 2022.
This year, the United States was the region most affected by advertisements and solicitations for health-related information.

Ransomware’s impact on healthcare
According to the FBI’s Internet Crime Complaint Center (IC3), the healthcare and public health (HPH) sector accounts for 25 percent of ransomware complaints across all sixteen critical infrastructure sectors. Ransomware groups tend to target organizations that store and maintain high-value sensitive information. Healthcare organizations are considered prime targets, as they are more likely to pay a ransom quickly to restore networks, services and treatments.
Flashpoint’s data on publicly known ransomware attacks showed that 6.78 percent of attacks reported in 2022 affected the healthcare sector, making it the fifth most targeted sector. “LockBit” was the most common group targeting these organizations, executing nearly a quarter of healthcare ransomware attacks in 2022.


The Internet of Medical Things
A major concern for healthcare organizations is the growing attack surface created by the Internet of Things (IoT) – especially medical devices. Healthcare organizations have an average of 26,000 networked devices – each potentially containing exploitable vulnerabilities. Unsecured medical devices, such as heart rate monitors and mobile apps, are a particular security concern. According to a recent study, the more connected medical equipment an organization has, the more likely it is to experience a cyber attack.
The study further states that 57 percent of IT security practitioners say they do not always change the default credentials for connected devices before issuing them to employees, and 5 percent never change them. Furthermore, 68 percent of organizations reported that they do not routinely patch devices or update firmware. However, it is important to note that the failure to do so is sometimes because the product runs on older platforms that are often not supported. In other cases, it is due to the absence of connected medical device monitoring solutions, such as anti-virus or endpoint protection tools – further highlighting the importance of comprehensive vulnerability intelligence.
Flashpoint helps healthcare organizations protect assets and data
Flashpoint’s suite of actionable intelligence solutions enables healthcare organizations to proactively identify and mitigate cyber and physical risks that could endanger people, places and assets. To unlock the power of threat and vulnerability intelligence, get started with a free trial of Flashpoint.