The Health-ISAC’s Healthcare Heartbeat report discusses ransomware and cybercrime trends that could affect healthcare organizations. The resource offers insights into threat actor activities and the potential risks they pose to healthcare infrastructure.
Ransomware attacks
The healthcare industry has endured an onslaught of ransomware attacks, with the number of incidents remaining consistently high throughout the year. These attacks disrupt operations and jeopardize the confidentiality and integrity of sensitive patient information. Health-ISAC's data reveals that ransomware attacks have accounted for many of the cybersecurity incidents impacting the sector, indicating the need for improved defense mechanisms.
Tracking the ransomware landscape
A deeper analysis of the ransomware trends paints a concerning picture. The data shows a steady stream of ransomware events targeting healthcare entities, with the Americas and Europe bearing the brunt of these attacks. The United States, in particular, has appeared as the epicenter, experiencing the highest number of ransomware incidents among all countries.
The tactics of ransomware actors
Ransomware groups have continuously refined their tactics, techniques, and procedures (TTPs) to maximize the impact of their attacks. One notable development is the shift towards data exfiltration, where threat actors not only encrypt data but also threaten to release sensitive information publicly if the ransom demands are not met. The double-extortion approach has become a hallmark of modern ransomware operations, adding an additional layer of pressure on victims.
Open databases
Another threat facing the healthcare sector is the manipulation of open databases that expose sensitive personal health information (PHI) and personally identifiable information (PII). These unsecured databases, directly accessible over the internet without any authentication, pose a risk of data breaches and unauthorized access.
Monitoring and mitigating open database risks
Health-ISAC has been actively monitoring and alerting its members about the presence of these open databases, which include technologies such as CouchDB, Microsoft SQL, MongoDB, MySQL, and Postgres. Among these, MySQL instances have been the most commonly identified as vulnerable. Health-ISAC aims to empower healthcare organizations to address these exposures by providing timely alerts in order to safeguard the confidentiality of sensitive patient data.
Threat actor spotlight
The healthcare sector has also been the target of a new and aggressive threat group, Hunters International, which has employed a unique extortion technique involving the exposure of private patient images. While the group's operations are still under investigation, Health-ISAC has observed targeted attacks against seven healthcare delivery organizations (HDOs) in Europe and the United States.
Analyzing the Hunters International threat
Hunters International's ransomware, though modified, bears similarities to the code and infrastructure associated with the now-dismantled Hive threat group. The group has streamlined the encryption process and reduced the number of command-line parameters, making the malware less verbose. Notably, the ransomware attempts to disable backup and restore capabilities, further exacerbating the impact on victims.
Recommendations for strengthening cybersecurity
To effectively navigate cyberattacks and mitigate the threats facing the healthcare sector, Health-ISAC recommends a holistic approach:
Enhancing access control and authentication
Implement multi-factor authentication and strong password policies, or, where possible, transition to passwordless environments to bolster access control measures.
Prioritizing patching and vulnerability management
Establish a patching management policy to ensure software and systems are promptly updated, addressing vulnerabilities before they can be exploited.
Fostering a cyber-aware culture
Conduct regular employee training to cultivate a culture of cyber awareness, empowering non-IT staff to recognize and respond to potential threats.
Implementing segmentation and isolation
Segment the network to limit the impact of a compromise and quickly isolate any infected devices to prevent the further spread of malware.
Strengthening backup and recovery capabilities
Ensure all relevant data is securely backed up, providing a reliable fallback in the event of a successful ransomware attack or data encryption.
Enhancing vendor management
Establish effective vendor management practices to mitigate the risks of supply chain compromises.
Related: How healthcare can avoid devastating supply chain cyber attacks
How Paubox can strengthen an organization’s cybersecurity
Paubox Email Suite is a solution to ensure all employees send HIPAA compliant emails by default. It uses TLS 1.2 and TLS 1.3 encryption. The premium plan also has email data loss prevention (DLP). This feature stops employees from sending sensitive information to people outside of their network. Paubox is dedicated to ensuring the highest level of cybersecurity for healthcare providers, with all their products HITRUST CSF certified.
FAQs
What is cybersecurity and how does it relate to healthcare security?
Cybersecurity involves protecting computer systems, networks, and data from digital attacks, unauthorized access, and damage. In healthcare, it is necessary to safeguard protected health information (PHI) and electronic protected health information (ePHI). Effective measures help keep sensitive patient data confidential, secure, and compliant with HIPAA regulations.
Why is cybersecurity beneficial for HIPAA compliance in healthcare settings?
Cybersecurity benefits HIPAA compliance because it helps protect PHI from breaches and unauthorized access, which are central to maintaining patient privacy and confidentiality. By implementing strong cybersecurity practices, healthcare organizations can prevent data breaches, avoid fines, and ensure they meet HIPAA’s security and privacy requirements.
Learn more: HIPAA Compliant Email: The Definitive Guide