Cyber Threat Landscape of the Healthcare Sector
13 Jun 2023
A single cybersecurity breach can cost a hospital system $10 million USD
The healthcare industry is under the constant threat of cyberattacks from malicious threat actors. Data targeted during these attacks often includes sensitive patient information and research, which is usually stolen by ransomware before locking down critical care systems. Throughout our research, Intertek EWA-Canada has encountered numerous case studies involving cyberattacks against healthcare institutions that cause millions of dollars in damages and delayed patient care. The current threat landscape shows that the number of targeted attacks against hospitals, medical clinics, and other healthcare facilities is rising each year. It is imperative to understand these types of attacks and the tactics, techniques, and procedures (TTPs) adversaries use to prevent malicious infections. [1]
In 2022, the average cost of a data breach in healthcare was roughly $13 million CAD, compared to $11.8 million CAD in 2021, giving the healthcare industry the highest cost to recover from a breach for the 12th year in a row. Overall, the healthcare industry suffered hundreds of data breaches in first half of 2022. Cybersecurity researchers indicate that personal health information (PHI) is the most valuable data on the dark web given that a single record sells for ten times more than a credit card. This is because medical records contain a wealth of unchangeable data elements, such as a patient's medical and behavioral health history and demographics, as well as their health insurance and contact information, whereas a credit card can be simply cancelled. Once health-related records have been taken, threat actors may use them to support other criminal activities like obtaining prescription drugs illegally, making false medical claims, or stealing the patient's identity to open credit cards and fraudulent loans. Given the sensitive nature of this information and crucial life-support systems that hospitals use, it is vital to remain protected from malicious attacks to avoid being victimized. [2][3][4][5]
The healthcare sector has been under threat for many years and will continue to be a prime target for the foreseeable future. Since May 2021, the U.S. healthcare system has been particularly hit by ransomware called “Maui”, attributed to state-sponsored cybercriminals based in North Korea. In Canada, malicious adversaries infiltrated the critical IT systems that support healthcare providers across the province of Newfoundland and Labrador and launched a catastrophic cyberattack against them in October 2021. The attackers managed to steal sensitive patient information related to at least 37,800 individuals and resulted in a cost of approximately $16 million CAD worth of damages, which some experts claim was the worst cyberattack in Canadian history. A ransomware attack that affected the a French hospital near Paris resulted in the majority of its computer system’s network going offline on August 21, 2022. The attack impacted the hospital’s entire network including computers, storage servers (including those used for medical imaging services) and patient admission systems. Threat actors are constantly seeking to exploit vulnerable system for profitable gain across the world. [6][7][8][9][10]
The healthcare industry has proven to be an attractive target for malicious adversaries motivated by financial gain. Attackers are constantly evolving, using new or otherwise uncommon techniques to infiltrate networks. The threat of attacks on the healthcare industry is growing each year and with it the costs. Cyber criminals will continue to exploit vulnerabilities, use phishing techniques, and execute malware to gain unauthorized access to networks, obtain sensitive health records, lock down critical care systems and steal research. The healthcare sector will continue to experience sophisticated cyberattacks from foreign threat actors.
References:
[1] Healthcare data breach costs reach record high at $10M per attack: IBM report - https://www.fiercehealthcare.com/health-tech/healthcare-data-breach-costs-reach-record-high-10m-attack-ibm-report
[2] Healthcare breaches on the rise in 2022 - https://www.techtarget.com/searchsecurity/news/252521771/Healthcare-breaches-on-the-rise
[3] Health Sector Suffered 337 Healthcare Data Breaches in First Half of Year - https://healthitsecurity.com/news/health-sector-suffered-337-healthcare-data-breaches-in-first-half-of-year
[4] Mobile health apps leak sensitive data through APIs, report finds - https://www.fiercehealthcare.com/tech/mobile-health-apps-leak-sensitive-data-through-apis-report-finds
[5] Industry Voices—Forget credit card numbers. Medical records are the hottest items on the dark web - https://www.fiercehealthcare.com/hospitals/industry-voices-forget-credit-card-numbers-medical-records-are-hottest-items-dark-web
[6] North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector - https://www.cisa.gov/uscert/ncas/alerts/aa22-187a
[7] 37,800 people sent privacy breach notifications linked to N.L. cyberattack - https://www.cbc.ca/news/canada/newfoundland-labrador/nl-cyberattack-privacy-breach-notices-1.6526431
[8] N.L. rebuilding systems downed by cyberattack from scratch, Eastern Health says - https://www.cbc.ca/news/canada/newfoundland-labrador/nl-cp-cyberattack-rebuilding-1.6287934
[9] Expert says N.L. cyberattack worst in Canadian history, deserves federal response - https://globalnews.ca/news/8350768/nl-cyberattack-expert-deserves-federal-response/
[10] French Hospital Diverts Patients Following Cyberattack - https://www.securityweek.com/french-hospital-diverts-patients-following-cyberattack
[11] UK NHS suffers outage after cyberattack on managed service provider - https://www.bleepingcomputer.com/news/security/uk-nhs-suffers-outage-after-cyberattack-on-managed-service-provider/
Ken Armstrong,
Director, Intertek EWA-Canada
Ken Armstrong is a Director with EWA-Canada. He has over 30 years’ experience in the IT security field. His work includes hands-on experience related to intrusion detection systems, incident response, computer forensics, vulnerability assessments, penetration testing, threat risk assessment, and policy development. Ken is a member of the international Forum for Incident Response Security Teams (FIRST), as well as an active member of the CVE (Common Vulnerabilities and Exposures) Editorial Board.
Chris Wilson,
Senior Threat Analyst, Intertek EWA-Canada
Chris Wilson is a Senior Threat Analyst within Intertek EWA-Canada and has been with the company for seven years. His work includes threat sharing, intrusion detection systems, vulnerability assessment, and policy development.