Understanding and Combating Top Healthcare Cybersecurity Threats

It’s no surprise that with the explosion of AI, healthcare cybersecurity threats are growing in both their level of sophistication and frequency. We saw threats ranging from ransomware exploits like CL0P, which compromised the private information of over 23 million people, to the Rhysida attack, which forced nearly 200 hospitals and clinics to take their systems offline. Notably, threat actors also turned to AI for nefarious uses with the release of WormGPT and FraudGPT.

Interestingly, most of the attacks observed in 2023 stemmed from U.S.-based IP addresses, which marks a notable shift from data over the previous 2-3 years, where Eastern European countries were the main source of attacks.

Our team, like many others, witnessed a record number of identity-based attacks targeting remote access services, including exposed SSH, RDP, and VPN servers. Most of these attacks are unsophisticated password spraying attempts, which can be easily mitigated by implementing certificate-based authentication and MFA whenever possible.
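As an added example (not from the webinar or the report), the following shows how a defender can pick password spraying out of sshd authentication logs: one source address failing against many different accounts, with only a try or two per account. The log lines are constructed, and the thresholds and function names are assumptions to tune for your environment.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd lines (not real traffic); IPs are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Mar  3 10:15:01 gw sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Mar  3 10:15:09 gw sshd[2103]: Failed password for invalid user test from 203.0.113.5 port 40118 ssh2
Mar  3 10:15:17 gw sshd[2105]: Failed password for invalid user oracle from 203.0.113.5 port 40125 ssh2
Mar  3 10:15:26 gw sshd[2107]: Failed password for invalid user backup from 203.0.113.5 port 40131 ssh2
Mar  3 10:15:33 gw sshd[2109]: Failed password for nurse1 from 203.0.113.5 port 40140 ssh2
Mar  3 10:16:02 gw sshd[2120]: Failed password for root from 198.51.100.7 port 51000 ssh2
Mar  3 10:16:04 gw sshd[2121]: Failed password for root from 198.51.100.7 port 51002 ssh2
Mar  3 10:16:06 gw sshd[2122]: Failed password for root from 198.51.100.7 port 51004 ssh2
Mar  3 10:19:40 gw sshd[2190]: Failed password for jsmith from 192.0.2.10 port 50020 ssh2
Mar  3 10:20:00 gw sshd[2200]: Accepted publickey for jsmith from 192.0.2.10 port 50022 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def parse_failures(text, year=2024):
    """Yield (timestamp, source_ip, username) for each failed password line."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            # Classic syslog timestamps carry no year, so the caller supplies one.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]

def find_spraying(text, min_users=5, max_per_user=2, window=timedelta(minutes=10)):
    """Return {ip: [usernames]} for sources hitting many accounts a few times each."""
    by_ip = defaultdict(list)
    for ts, ip, user in parse_failures(text):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # Count attempts per account inside the window that opens at this event.
            users = Counter(u for t, u in events[i:] if t - start <= window)
            if len(users) >= min_users and max(users.values()) <= max_per_user:
                flagged[ip] = sorted(users)
                break
    return flagged
```

Repeated failures against a single account (the 198.51.100.7 lines) are deliberately not flagged here; that is ordinary brute forcing and is better handled by lockout or rate limiting.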

And in the wake of the ransomware attack on Change Healthcare, which caused record delays in payments and created issues for patients waiting on much-needed medications and care, some healthcare companies are bleeding financial losses, with many losing up to $100 million per day.

We know the healthcare industry and protection of PHI depends on knowing who these bad actors are, what their attack methods look like, and how to fight back against becoming the industry’s newest victim. So, in collaboration with Medecision and Ordr, we held a webinar led by industry experts to review the report’s findings and uncover the top threats looming over the healthcare industry.

Vice President of Security at Medecision, Chief Healthcare Officer at Ordr, and Vice President of Managed Cybersecurity Services at ClearDATA brought their valuable insights to the table. Read on for their full insights, and watch the on-demand recording of our Healthcare Threats webinar.

Let’s dive into some of these threats and what you can do to combat them.

Evolving Threat: Ransomware

Ransomware attacks are becoming more frequent, and threat actors are innovating with their negotiation tactics, which means they hit harder and more broadly than ever before. With more ransomware groups specifically targeting PHI and other sensitive healthcare data, we need to stand ready with meaningful countermeasures and risk mitigation strategies.

Cybersecurity defense measures need to evolve to stop cybercrime in its tracks. Specifically, attackers often automate their attacks to move quickly and hit as many applicable targets as possible. The ransomware-as-a-service market, which includes initial access brokers, continues to grow, and sample development lowers the bar to create a campaign.

Additionally, and even more unfortunately, threat actors are utilizing multiple extortion methods to extract payment and publicly humiliate victims. More HCOs will fall victim to campaigns by well-known actors targeting “low hanging fruit” common to the industry.

Actionable Advice: Know your adversaries! Understanding the threat of ransomware allows you to deploy meaningful countermeasures and effectively manage risk. Working with a knowledgeable cybersecurity team that deeply understands how healthcare data gets targeted and exploited by these ransomware groups is your best defense, though monitoring ransomware attack news and intel on these groups can also help you stay vigilant.

Persistent Threat: Software Vulnerabilities

In 2023, the industry was plagued by a lack of urgency in addressing widespread vulnerabilities in internet software utilized by the industry. Legacy healthcare applications, file sharing utilities, and administrative portals often have flaws that threat actors exploit. To mitigate these threats, it’s crucial to have comprehensive external attack surface monitoring and a robust vulnerability management program.

Actionable Advice: Know your environment! Knowing your attack surface and exactly where PHI is located within your environment is crucial for healthcare data defenders to gain visibility and effectively mitigate or remediate well-known flaws.

Overlooked Threat: Supply Chain Components

Third-party vendors often become an easy target for cybercriminals, as compromising them yields high returns. Because of their widespread adoption and interconnected systems, they offer multiple opportunities for a payout. It’s vital for teams to implement a Cybersecurity Supply Chain Risk Management Program (C-SCRM) that holds third-party vendors to consistent security and strategy standards.

Actionable Advice: Implement a Cybersecurity Supply Chain Risk Management Program (C-SCRM)

There is no need to reinvent the wheel. There are existing frameworks like the NIST Cybersecurity Supply Chain Risk Management (C-SCRM) program, which helps organizations manage the increasing risk of supply chain compromise related to cybersecurity, whether intentional or unintentional.

Emerging Threat: Artificial Intelligence

While AI promises to revolutionize healthcare, it also introduces new risks. As organizations rapidly adopt AI without sufficiently implemented safeguards, the technology may be used for malicious intent. That’s why you need to plan and secure AI technologies before adopting them fully and integrating them with your healthcare cloud.

The industry can expect to see a continued increase in social engineering focused campaign volume. Additionally, open-source tools facilitate more convincing, customized bait, specifically designed to mimic VIPs and executives to fool employees. Healthcare is rapidly innovating, and there’s a race to integrate AI in the name of improving patient care, but it’s crucial to have an adequate plan for addressing complex new vulnerabilities.

Actionable Advice: You must slow down…to go fast!

Rapidly adopting technology without having a well-formed idea of the risk it introduces and how to secure it is a recipe for disaster. Business leaders can’t be enticed by technological sirens.

Moving Forward

Successfully navigating cybersecurity challenges requires a level-headed approach to risk assessment and understanding the broader threat landscape. Expand your vulnerability management programs to include vendor risk and establish a clear business strategy around the secure adoption of AI.

Know how much you can and can’t manage alone in this new era of ransomware groups and other ruthless attackers going after healthcare data. Work with a knowledgeable, healthcare-focused cybersecurity team who will partner with you to fortify your healthcare cloud, offering actionable steps to risk mitigation and threat intel gleaned from other companies like yours.

And when it comes to cloud partners, be judicious – your protection is only as good as theirs. We’ll be hosting a new webinar on April 30 on assessing and mitigating your third-party risk to help walk you through it every step of the way.

Thanks to those who joined the live webinar on healthcare cloud threats, and if you missed it or want a re-watch, watch the on-demand recording.
