Report: How Hackers Attack Healthcare, Compromise Cybersecurity

Samara Rosenfeld
AUGUST 22, 2019

Cyberattacks keep targeting healthcare organizations and health systems. What are executives to do to try to mitigate the damage?
 
Data theft, or stealing or accessing health information, and disruptive and destructive threats, like ransomware and malware, are the two groups of threats facing healthcare organizations, according to a report released by cybersecurity company FireEye.
 
In its report, “Beyond Compliance: Cyber Threats and Healthcare,” FireEye also grouped threat activity by motivation: cybercrime; cyber espionage and nation-state threats; and hacktivism and information operations.
 
Cybercrime is financially motivated and poses a high-frequency, high-impact threat to healthcare organizations. Cybercriminals generally target personally identifiable information (PII), protected health information (PHI) and access to critical systems. These threats include credential theft malware distribution, cryptomining, sale of compromised access to healthcare systems, encryption of hospital systems through ransomware and extortion campaigns.
 
Cyber espionage and nation state threats targeting the healthcare industry can have a big impact, FireEye experts noted. This activity could lead to catastrophic impacts if destructive or highly disruptive campaigns target healthcare, especially against providers.
 
Hacktivism and information operations are fairly uncommon in the healthcare industry and, if used, would likely have a negligible or minor impact on the targeted organizations, the report said.
 

Health Data Theft

Cybercriminals often target poorly secured healthcare providers to obtain PII and PHI. Cyber spies then leverage the data for intelligence collection to further target high-profile individuals or providers who have access to valuable information. Cyber spies also look to target organizations conducting research and development for treatments, medical devices or biotechnology, all of which have valuable intellectual property, according to the report.
 
It is not uncommon for cybercriminals to buy and sell PII and PHI obtained from healthcare providers and institutions in underground marketplaces.
 
FireEye detected multiple healthcare-associated databases for sale on underground websites for less than $2,000. Cybercriminals also sell illicit access to healthcare organizations in these markets. This enables other potential attackers to get additional information following a data breach, such as by obtaining and exfiltrating sensitive information. Other post-exploitation threats include infecting other devices in the compromised network, or using connections and information in the network to exploit relationships between the breached organization and other organizations and so compromise more networks, according to the report.
 
One cybercriminal group called thedarkoverlord targeted the healthcare industry by selling access to records and attempting extortion. The group sold more than 9.2 million records of people from a provider in the U.S. (not specified) for 300 bitcoins in 2016 and nearly 400,000 records from a provider in Atlanta, Georgia, for the same price, the report added.
 

Disruptive and Destructive Threats 

Ransomware, cryptomining malware and targeting medical cyber physical systems are all examples of disruptive and destructive threats.
 
Ransomware is one of the most threatening attacks on the healthcare industry because of the near real-time access to patient data and the potential for harm to patients if healthcare organizations lose access to important files or devices. Although cybercriminals who use ransomware on a hospital or healthcare system could become a bigger target for law enforcement, many attackers are willing to assume the risk because these entities generally have the means and willingness to pay, FireEye experts wrote.
 
“To reduce the impact from ransomware infections, organizations, particularly those that require high availability, like hospitals, should have not only robust backup policies and implementations, but also redundant and properly segmented isolated networks and systems,” FireEye suggested.
 
With the increase in biomedical devices, there is potential for the industry to be an even more attractive target for disruptive and destructive cyberattacks.
 
“To move beyond compliance with current regulations and address the ever-changing threat landscape, organizations in this sector should utilize threat intelligence to understand these threats continue to evolve and minimize risks appropriately,” FireEye experts wrote.
