Cyber threats against the healthcare sector are escalating, making it a top priority for attackers
In a recent report, cybersecurity firm Darktrace has highlighted the increasing threat landscape facing the healthcare industry. The sensitive nature of patient information and the potential disruption to critical services make healthcare a high-value target for attackers.
The report found that 75% of healthcare network intrusions were business email or cloud account compromise that did not escalate to ransomware or data exfiltration. This discovery reinforces the need for comprehensive security monitoring that extends beyond traditional IT systems to include specialized medical equipment.
The types of healthcare compromises in 2024 included exploitation of edge infrastructure vulnerabilities. Medical devices frequently exploited by attackers from 2020 to 2024 include networked infusion pumps, pacemakers, insulin pumps, and imaging devices like MRI and CT scanners due to their connectivity vulnerabilities.
The attack surface of healthcare organizations is widening, providing more opportunities for threat actors. This is due to the rising use of cloud services, integration of third-party devices and services, and growth in Medical Internet of Things (IoMT) devices. Darktrace observed exploitation of edge infrastructure devices from vendors such as Citrix, Cisco, Fortinet, and Ivanti. The researchers warned that the integration of more third-party devices and services in healthcare organizations is expanding the attack surface.
Phishing and exploitation of edge infrastructure vulnerabilities collectively made up over two-thirds of healthcare compromises in the new report. Phishing attacks against healthcare organizations are becoming more targeted, with one in three targeting VIP users. Tailored phishing attacks are a significant factor in compromising healthcare networks.
The growth in Medical Internet of Things (IoMT) devices is also contributing to the widening attack surface in healthcare organizations. Darktrace detected a digital imaging device infected with the PurpleFox rootkit and DirtyMoe malware, underscoring the need for continuous monitoring of clinical devices.
The report also noted a similar pattern to attacks in other industries. A significant proportion of phishing emails in 2024 either impersonated a supplier or originated from a compromised supplier account.
Healthcare firms affected by these exploits range from equipment suppliers to non-critical care providers. The finance industry had 37 incidents, energy had 22, insurance had 14, and telecoms had 12 incidents. However, Darktrace responded to 45 cybersecurity incidents impacting healthcare organizations, more than any other key industry.
The new report also notes that data breaches in the healthcare sector cost more, on average, than in any other industry, averaging $10m between 2020 and 2024.
The findings of the report underscore the urgent need for healthcare organizations to strengthen their cyber defences and adopt a proactive approach to security. As the reliance on digital technology in healthcare continues to grow, so too does the attack surface, making it crucial for organisations to invest in robust security measures to protect patient data and critical services.
Read also:
- Abu Dhabi initiative for comprehensive genetic screening, aiming to diagnose over 800 conditions and enhance the health of future generations in the UAE.
- Elderly shingles: Recognizing symptoms, potential problems, and available treatments
- Exploring the Reasons, Purposes, and Enigmas of Hiccups: Delving into Their Origins, Roles, and Unsolved Aspects
- Various forms of cataracts include nuclear, pediatric, traumatic, and additional types
