Five ways cyber criminals target healthcare and how to stop them

Healthcare organizations around the world are continually weathering a barrage of cyber attacks that disrupt patient care and threaten lives.

In an industry where system downtime could potentially have fatal consequences, healthcare institutions need to be as prepared as they can to prevent and recover from cyber attacks.

But what are the major cyber threats facing healthcare organizations, and how can the threat actors behind them be stopped?

Phishing

Phishing attacks are by far the most popular initial access method used by threat actors to get a foothold in the network of their target.

This technique involves tricking staff at an organization into sharing sensitive information or downloading malware onto the corporate network.

Phishing has traditionally taken the guise of email messages encouraging receivers to click on malicious links that redirect them to spoofed websites which harvest their credentials.

Threat actors are continually evolving their techniques, however, developing more sophisticated social engineering scams that can dupe even the most cautious employee.

Spear phishing attacks are a highly personalized form of phishing where the attacker targets a specific person or group within an organization, using specific information tailored to them to make the message even more believable.

Data published by the US Department of Health and Human Services reveals that there were 4,419 reported breaches of protected health information affecting over 500 individuals between 2009 and 2021, and 18% of these were listed as healthcare phishing attacks.

Healthcare organizations can protect themselves from phishing by implementing strong email scanning tools that detect suspicious emails, according to their address, body text, or attachments to look for any malicious content.

If someone has fallen for a phishing email, ensuring all staff are using multi-factor authentication (MFA) on their account can help prevent the criminal from causing further damage, such as carrying out a business email compromise (BEC) attack.

Cybersecurity awareness training is also essential in helping employees identify social engineering techniques. Cyber defenses are all too often compromised by human error, so training employees in how to spot potential security threats and not give away sensitive information can be critical in keeping your organization secure.

Ransomware

Once the criminal has access to the victim’s network, they frequently deploy ransomware in order to encrypt and exfiltrate sensitive information that they can use to extort the victim down the line, and this is a particular problem for the healthcare industry.

Medical records are some of the most valuable digital records hackers can sell on the dark web due to their level of sensitivity. Unlike a financial or employment record, changing one’s medical history is almost impossible and so individuals are willing to go to great lengths to prevent this information from being made public.

As such, there is a lucrative trade among threat actors in stealing medical information and using it to extract ransoms from medical institutions or individuals.

Research conducted by Sophos found two thirds of healthcare organizations suffered ransomware attacks in the past year, preventing them from accessing devices and the data stored on them.

In the healthcare sector, downtime can have particularly severe consequences, and so falling victim to a ransomware attack is a serious concern for security professionals working at medical institutions.

A major part of keeping your organization protected from ransomware attacks is ensuring you are maintaining backups of all important data. This is the single most effective way to ensure you are able to recover from attacks quickly and minimize disruption.

A zero trust security model can also help prevent attackers from accessing sensitive data once they are on the network. This works by assuming no device, user, or application is trustworthy and requires they reauthenticate themselves each time they reach a different segment of the network.

DDoS

Distributed denial of service (DDoS) attacks are a popular tactic often used as a precursor to further attacks. Threat actors use DDoS attacks to overwhelm a network, disabling many critical functions and often bringing an organization’s IT estate to its knees.

This is particularly serious for healthcare providers because, as previously mentioned, any amount of downtime can be a matter of life and death.

In 2023, a Russian-affiliated hacking group known as Killnet launched a series of DDoS attacks on healthcare organizations in the US, overloading the victims’ networks with traffic and making it impossible to access essential patient services.

Defending against DDoS attacks requires maintaining a strong partnership with your network service provider, and implementing strong DDoS protection and mitigation solutions.

These solutions could include using a web application firewall (WAF), paying a service to continuously analyze network traffic, or physical appliances deployed on the edge routers that stop DDoS attacks at the edge.

Software vulnerabilities

Medical organizations use a collection of programs to manage operations. These include electronic health record software, medical diagnosis programs, appointment scheduling tools, and many more.

This presents IT admins with great deal of complexity to manage, and unpatched software can create a host of problems for healthcare providers. Malfunctioning software can pose a significant risk to patients and any unpatched vulnerabilities presenting a juicy target for opportunistic cyber criminals.

One mitigation strategy to reduce the risk of unpatched software to your organization is implementing an automated patch management solution. These tools help take the time-consuming process of identifying, testing, and deploying patches off IT admins’ hands and reduce the likelihood of human error.

Organizations should also prioritize risk-based patching, where software is updated according to the relative severity of the vulnerability. Those flaws with higher CVSS scores should be prioritized as they are more likely to attract attention from cyber criminals and impact critical systems.

Medical device vulnerabilities

The healthcare industry has embraced the internet of things (IoT) to enhance patient care, birthing its own category of devices dubbed the internet of medical things (IoMT).

Remote patient monitoring is the most common application of IoT devices in healthcare settings, which automatically collect the patient’s heart rate, blood pressure, temperature and other health metrics.

But IoT technology brings with it a host of security risks, namely that it presents hackers with an expanded attack surface to threat actors. As a result, monitoring, managing, and protecting these IoT devices is essential if hospitals want to stay secure.

Healthcare organizations should prioritize establishing good device visibility and then continuously assessing the risk the devices and their associated vulnerabilities pose to the overall network.

Network segmentation and least privileged access controls, like zero trust, are key here too. This enables IT admins to create and enforce policies that limit an individual device’s access to only the resources it needs to function properly. Reducing the level of damage it could cause if it was compromised by a malicious actor.