The 2023 cyberattacks in healthcare showed an industry grappling with an increasing number of threats, such as ransomware and phishing, that jeopardize patient information and services.
Building a stronger wall to prevent threat actors from coming in is only half of the solution. The other half must address the inevitable reality that no matter how strong that wall is, adversaries WILL slip through. It comes down to cybersecurity maturity – establishing a resilient and continuous defensive infrastructure. Healthcare providers must protect patient data and uphold the integrity of healthcare operations by implementing advanced threat detection systems and cultivating a culture of cyber resilience.
As highlighted in a recent Gartner Review, it is important to “integrate your cyber advisory, professional and managed security services into tightly coupled offerings that enable cyber resilience outcomes.” Experts also advised that “consolidation also requires the fusion of security products into a unified platform with integrated signals across the supported security products. Feasibly, this will be a defined set of best-of-breed products that are integrated via native applications or APIs into a service provider fusion platform with the end objective of the technology and people working together in an orchestrated solution.”
The notion of a sophisticated, unified front has swept over the cybersecurity industry, becoming a top priority for those looking to enhance and fortify their threat detection program against a dynamic threat landscape. This is what Avertium calls Cyber Fusion.
In response to the healthcare industry's high susceptibility to cyberattacks, many organizations are proactively enhancing their cybersecurity as they brace for the threats ahead in 2024. Here are the emerging threats we are predicting and the defense strategies that we recommend for healthcare organizations facing these threats head-on.
What is it? Generative AI employs generative models to create text, images, or other media by learning patterns and structures from input training data. As a result, these models generate new data with similar characteristics. As AI becomes more prevalent in healthcare, it holds promise for predicting outcomes and guiding doctors, surgeons, nurses, and other roles in areas like processes and paperwork. One notable trend is the rise in deepfake phishing attacks, facilitated by threat actors leveraging generative AI tools.
Why are healthcare organizations particularly vulnerable when using generative artificial intelligence (AI)? Due to its complex nature, it may be challenging for healthcare professionals to learn, understand, maintain, and secure generative AI, requiring additional resources for training and support.
What is the impact in healthcare / what does it mean for your organization? Currently, 10 states have AI-related regulations in their larger consumer privacy laws; however, only a handful of states have proposed legislation specific to the privacy of data or the use of AI in healthcare. While generative AI holds significant promise for the future of healthcare, there are potential negative impacts for organizations to consider.
Misinformation with AI: A recent study led by Stanford School of Medicine researchers sheds light on AI unknowingly spreading racist and debunked medical notions. This has been found to perpetuate misinformation and even present fabricated, race-based equations, raising concerns for patients.
What is it? The Internet of Things (IoT) in the healthcare industry refers to the integration of devices and technologies to enhance and streamline various aspects of healthcare delivery. IoT devices are often interconnected, allowing them to collect, exchange, and analyze data in real-time.
Why are healthcare organizations particularly vulnerable to the Internet of Things (IoT)? As the use of IoT devices in healthcare increases, so do security concerns. Connected devices may become vulnerable to cyberattacks, posing a risk of unauthorized access to sensitive patient data and potential privacy breaches. Due to the widespread distribution and internet connectivity of IoT devices, they are perfect targets for DDoS attacks.
What is the impact of the Internet of Things (IoT) in healthcare / what does it mean for your organization? The increasing integration of IoT devices in healthcare brings both benefits and challenges. On the positive side, IoT enables real-time monitoring of patients, leading to more personalized and efficient healthcare services. However, the growing number of connected devices also poses cybersecurity risks, as healthcare organizations become more susceptible to data breaches and unauthorized access. Experts anticipate a significant surge in botnet attacks, given the expected 18% growth in IoT devices to 14.4 billion in 2023 and a projected increase to 27 billion by 2025.
How the Internet of Things (IoT) takes form:
Healthcare attack exposing 2.5 million patients: Norton Healthcare, a major healthcare system in Kentucky, experienced a ransomware attack that compromised the data of approximately 2.5 million patients and employees. This incident underscores the growing trend of cyberattacks on healthcare organizations, with sensitive patient data being a prime target.
Fitness tracker manipulation: If a health insurer offers an incentive to customers using a fitness tracker, and an error in the tracking software overstates the number of steps the user has taken, then the company may give more discounts than it should. The insurance company may attribute the financial loss to incorrect step counts as a result of external fitness tracker manipulation.
What is it? Ransomware has dominated discussions across various industries in recent years. Though many sectors experience ransomware, healthcare organizations have fallen victim to this type of malicious attack at a greater rate due to the sensitive and critical nature of settings such as hospitals. Ransomware is designed to encrypt the healthcare organization's data, rendering it inaccessible until a ransom is paid to the attackers.
Why are healthcare organizations particularly vulnerable to ransomware attacks? Healthcare organizations face a heightened susceptibility to ransomware attacks due to a convergence of factors. The immense value of sensitive patient data, coupled with the critical and time-sensitive nature of healthcare services, makes these institutions lucrative targets for cybercriminals seeking ransom payments. Alarming trends show that…
What is the impact in healthcare / what does it mean for your organization? Ransomware attacks can disrupt critical systems, compromise patient records, and hinder the delivery of medical services. The operational downtime during a ransomware attack not only affects patient care but also disrupts day-to-day administrative functions, impacting overall organizational efficiency.
How ransomware attacks take form:
Ransomware attack causes hospital systems to shut down: The Department of Health and Human Services Health Sector Cybersecurity Coordination Center (HC3) issued an alert about a new ransomware threat known as BlackSuit, which may be responsible for an October 2023 attack against an organization that provides medical scans and radiology services for almost 1,000 U.S. hospitals and health systems. The attack caused the victim to shut down computer systems and turn away patients.
Private information leaked: Regal Medical Group, a southern California-based medical group, reported a ransomware attack potentially exposing the private health information of over 3.3 million patients.
Cancer patients’ information leaked: In February 2023, a Pennsylvania-based health network disclosed that it had suffered an attack from BlackCat and that the perpetrators had released clinical images of cancer patients receiving radiation oncology treatment and had published several documents containing patient information online.
Resource: Insider Threats in Healthcare
What is it? Data breaches refer to unauthorized access, disclosure, or acquisition of sensitive patient information within a healthcare system. These breaches can involve electronic health records, personal identification information, medical histories, or any other data that falls under protected health information (PHI). Breaches of healthcare organizations were the costliest data breaches in 2023, averaging $10.93 million per breach.
Why are healthcare organizations particularly vulnerable to data breaches? The integration of digital technologies, electronic health records (EHRs), and interconnected medical devices creates a complex and expansive attack surface, providing cyber adversaries with various entry points to exploit. A notable challenge also arises from some healthcare providers' reluctance to dispose of outdated medical records, also known as Electronic Health Information (EHI). Microsoft Purview emerges as a solution designed to offer visibility into data, thereby preventing accidental EHI leakage across networks.
What is the impact in healthcare / what does it mean for your organization? Your patients' privacy is compromised.
How data breaches take form:
Dental data breach: Managed Care of North America had the largest data breach in the first half of 2023, affecting more than 8.8 million Americans. The intruders gained access to full names, Social Security numbers, insurance information, driver’s licenses or other government identification numbers, and information on care for teeth and braces.
Identity-centric attack: Okta Inc. was under fire for constant breaches in 2023 after BeyondTrust security teams detected an identity-centric attack on an in-house Okta administrator account.
What is it? Social engineering is the manipulation of employees or staff members to gain unauthorized access to sensitive information or perform actions that compromise the security of healthcare systems. This manipulation often involves psychological tactics, phishing, or impersonation to exploit human vulnerabilities rather than relying on technical means, and threat actors have been using generative AI tools to do so.
Why are healthcare organizations particularly vulnerable to social engineering attacks? The diverse roles, ranging from medical professionals to administrative staff, create an environment that is favorable to social engineering attacks. Cybercriminals leverage human vulnerabilities through tactics like phishing, exploiting individuals' trust to gain unauthorized access to confidential information.
What is the impact in healthcare / what does it mean for your organization? Successful social engineering can result in unauthorized access to patient records, leading to compromised confidentiality and potential data breaches.
How social engineering attacks take form:
Medical group phished: The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), has settled with Lafourche Medical Group in Louisiana, a medical group hit by a phishing attack. The incident impacted the electronic health information of around 34,862 individuals.
QakBot malware phishing attacks: A new wave of phishing attacks through QakBot malware has been closely observed throughout 2023. These messages infect computers through malicious attachments or links in spam emails. Following these attacks, in August of this year, the Federal Bureau of Investigation (FBI) revealed the successful dismantling of the QakBot botnet, a significant operation against cyber criminals engaging in ransomware, financial fraud, and various criminal activities.
In response to the SEC’s new rules emphasizing board involvement in security, organizations in all industries are increasingly recognizing the need for a cybersecurity expert at the decision-making table. That’s where Avertium can help.
HIPAA compliance is more than an annual checkbox. With Avertium’s interconnected three-step approach – Assess, Design, and Protect – we ensure transparency and collaboration, aligning with and supporting your organization's unique cyber maturity journey.
Avertium’s partnership with Microsoft reinforces our three-step-approach while empowering you to maximize your Microsoft Security:
It is important to note that point solutions solve a narrow problem at a narrow point in time. Strategic programs, monitoring, endpoint protection, attack surface monitoring, compliance, and incident response, on the other hand, go beyond a fragmented view of your security posture. Strategic planning should inform your extended detection and response. These investments should work together to produce a greater outcome: Cyber Fusion.
Avertium is a cyber fusion company with a programmatic approach to measurable cyber maturity outcomes. Organizations turn to Avertium for end-to-end cybersecurity solutions that attack the chaos of the cybersecurity landscape with context. By fusing together human expertise and a business-first mindset with the right combination of technology and threat intelligence, Avertium delivers a more comprehensive approach to cybersecurity. That's why over 1,200 mid-market and enterprise-level organizations across 15 industries turn to Avertium when they want to be more efficient, more effective, and more resilient when waging today's cyber war.