HC3 Report on Cyberattack Trends and Insights to Enhance Healthcare Cybersecurity

The HHS’ Health Sector Cybersecurity Coordination Center (HC3) has published a new report called Health Sector Cybersecurity: 2021 – Retrospective and 2022 Look Ahead. The report gives a retrospective view of healthcare cybersecurity over the last 30 years, highlighting some of the major cyberattacks that have struck the healthcare sector.

In 1989, biologist Joseph Popp distributed 20,000 floppy disks at the Stockholm World Health Organization AIDS conference. When the disks were used, they installed malicious code that counted reboots. After 90 reboots, a ransom note was shown stating that the software lease had ended and that a $189 payment was needed to regain access to the system.

The report shows how adversaries stepped up their attacks on the healthcare sector from 2014 to 2017.

  • In 2014, Boston Children’s Hospital experienced a serious Distributed Denial of Service (DDoS) attack.
  • In 2015, a major cyberattack on Anthem Inc. resulted in unauthorized access to the records of 80 million health plan subscribers.
  • In 2016, Hollywood Presbyterian Medical Center paid a $17,000 ransom after a ransomware attack.
  • In 2017, the WannaCry exploits impacted over 200,000 systems.

In 2019, ransomware began to be widely used in attacks on healthcare companies, with the Ryuk ransomware group among the best-known operators. One of the group’s attacks hit a managed service provider and impacted about 400 dental clinics. Attacks persisted, and more actors began using ransomware against businesses. In 2020, cybercriminals exploited the COVID-19 pandemic and used COVID-19 lures in their phishing attacks, which continued throughout 2021. McAfee observed an average of 375 COVID-themed threats per minute in 2020.

Substantial cyberattacks were reported in 2020 by Scripps Health, Accellion, SolarWinds, CaptureRX, and Universal Healthcare Services. Emsisoft reported that $18.6 billion in ransoms had been paid globally to ransomware groups, though the actual total was estimated at about $75 billion.

The well-known Maze ransomware group shut down its operation in 2020; however, attacks were carried out by many other cyber actors such as REvil, BlackMatter and Abaddon. In 2021, the Conti ransomware gang conducted a huge ransomware attack on the Health Service Executive (HSE) in Ireland. The attack affected 54 public hospitals along with others that relied on HSE infrastructure. It took 4 months to restore all online systems.

The report shows that cyberattacks on the healthcare industry have been ongoing for several years and will continue for years to come. HC3 advises healthcare companies to keep strengthening their defenses against the most common threats, such as phishing, ransomware, and malware. Security teams should provide regular security awareness training for workers, run phishing simulations to check the effectiveness of that training, use gateway/mail server filtering, whitelisting, and blacklisting, and operationalize indicators of compromise.

It is also essential to secure remote access technologies, which are often exploited to gain access to systems. Use of Virtual Private Networks and technologies based on the Remote Desktop Protocol must be operationally minimized, services must be switched off when not in use, and activity logs must be retained and routinely reviewed.

Vulnerability management is important and must be methodical, comprehensive, and repeatable, with mechanisms for enforcement. It is essential to maintain situational awareness of relevant vendor updates and notifications and to create repeatable assessment, patching, and update deployment processes.

It is essential for healthcare companies to understand the value of what they stand to lose: protected health information, which commands a high price on the black market, and intellectual property, which is frequently sought by foreign nations. Once those resources have been identified, steps should be taken to make sure that they are secured.

Besides implementing safeguards against attacks, it is essential to recognize that the likelihood of compromise will remain high, to prepare for an attack, and to plan and test the response ahead of time so that the business can keep operating.

Healthcare companies are likewise advised to consider relatively new ways of thinking about defense, and to take into account that adversaries are now looking to maximize the number of victims by attacking managed service providers and the supply chain. Healthcare companies must consider how they can prevent and mitigate attacks on third parties.

HC3 states that situational awareness will always be important. New threats will emerge, the tactics, techniques, and procedures of cyber actors will change, and new vulnerabilities will come to light. It is essential to stay up to date on new threats and vulnerabilities and on how to remediate and mitigate them.

It is critical to maintain reliable defensive measures and to protect against distributed attacks as well as other channels of compromise. The report lists a number of resources that healthcare companies can use to build their defenses and block current and future attack methods.