Cybersecurity

Cybersecurity report reveals steady attacks on healthcare sector

Cybersecurity firm Cyble reveals little letup in healthcare cyberattacks during first half of 2024.
article cover

Francis Scialabba

3 min read

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

A first-half study of the US healthcare sector revealed a cyber-salvo against the industry.

The report from threat-intel firm Cyble, which highlighted healthcare-specific cyberthreat activity from January to June of 2024, found:

  • 121 ransomware attacks
  • 18 verified data breaches

“The recent trend where we are seeing large number of attacks directly on these hospitals, healthcare providers, just shows the increasing desperation within the cybercriminal ecosystem, to basically target any organization for maximum monetary benefit,” Kaustubh Medhe, VP of research and cyber threat intelligence at Cyble, told IT Brew.

The FBI’s investigation of internet crime incidents last year also demonstrated a heavy targeting of hospitals. The agency’s 2023 Internet Crime Report found that its Internet Crime Complaint Center received 249 queries from ransomware-affected healthcare orgs—surpassing all critical infrastructure sectors, including critical manufacturing (which received 218 complaints) and government facilities (156 complaints).

IBM’s “Cost of a Data Breach 2023” report, published in July 2023 and studying 553 global orgs from March 2022 to March 2023, found that the average healthcare data breach cost $10.9 million—more than twice the average cost of all breaches ($4.5 million).

Medhe cited common, IT-specific entrypoints that led to breaches:

  • Exploiting an internet-facing application
  • Compromising a third-party vendor with network access to a targeted client
  • Gaining access to cloud-storage environments
  • Stealing credentials or exploiting weak passwords

Cyble’s report also noted 10 healthcare-sector incidents of compromised credentials later offered for sale on underground marketplaces, including claims of unauthorized access to an unnamed clinical laboratory’s network, “which boasts a substantial yearly revenue of USD 56.6 million and employs 200 people,” the study’s writers shared.

High-profile cyberattacks have disrupted hospital operations in early 2024—including intrusions at Change Healthcare and Ascension.

While the healthcare sector reportedly faced many ransomware attacks in the first half of the year, construction companies topped the list of ransomware-targeted industries, facing 150 attacks during the same six-month period, according to Cyble research stats shared with IT Brew.

To defend against hospital-targeting threat actors, Errol Weiss, CSO at nonprofit information-sharing org Health-ISAC, sees promise in passwordless technologies like biometrics, hardware keys, and one-time tokens—which are still in the nascent stage, he said.

“So many of these ransomware attacks are enabled because somebody gave away their username and password in a phishing link,” Weiss told IT Brew. “And that’s really where it all starts. And so if we’re able to use this passwordless technology, that does not become the issue there; they are not able to phish a credential.”

Recommendations from Cyble’s report included network segmentation (gating-off parts of a network via authentication mechanisms and firewalls, to block traffic and contain intrusions); patch management; employee training (on phishing threats and strong passwords); and engagement with industry partners, government agencies, and cybersecurity organizations.

Medhe has an extra rec: Well-documented and tested data backups.

“Even with unlimited budgets, unlimited management support, there is no guarantee that a company won’t face a cyber incident,” he said.

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.