The healthcare industry will continually deal with a substantial selection of threats. Ransomware attacks and data breaches remain very rampant. In 2021, healthcare data breach reporting recorded a rate of around 2 each day, and although there was a decrease in the number of ransomware attacks in comparison to 2020, ransomware continues to be a significant threat with a number of ransomware gangs actively targeting the healthcare industry.
In the 4th Q, 2021 Healthcare Cybersecurity Bulletin , published on January 21, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) notified of a number of continuing cyberattack trends that are likely to carry on in Quarter 1 of 2022.
Ransomware
Law enforcement institutions in the United States and Europe have heightened their initiatives to bring the operators of ransomware operations and their affiliates to justice, with those campaigns resulting in the arrests of key members of various ransomware groups. This year, in an unusual act of cooperation between the U.S. and Russia, 14 suspected members of the infamous REvil ransomware gang have been apprehended. The elevated pressure on ransomware groups has helped to control attacks, however, there continue to be many ransomware gangs in operation, many of which were actively attacking the healthcare industry.
Emsisoft logged 68 ransomware attacks on healthcare providers in 2021, which is a decline from the 80 healthcare companies attacked in 2020; nevertheless, there were additionally a number of attacks on business associates that have affected several healthcare companies. Based on a current FinCEN report, there are a minimum of 68 active ransomware operations, and the 10 leading ransomware groups in 2021 made over $5.2 billion in ransom payments. Ransomware will remain a dilemma for the healthcare market in 2022, therefore it is essential to adhere to industry best practices to prepare for, avoid, and recover from ransomware attacks to make sure patient safety.
Apache Log4J
The vulnerabilities discovered in the Apache Log4J logging library, which was first made known to the public in the latter part of November 2021, continue to create problems for healthcare institutions. A proof-of-concept exploit was introduced in December 2021, and a number of threat actors were exploiting the vulnerabilities. HC3 gave a threat report on January 20, 2021, cautioning about the threat of exploitation of the 6 vulnerabilities and recommended mitigations that ought to be enforced right away to minimize the danger of exploitation.
Emotet Botnet
Emotet malware at first appeared in 2014 and was broadly employed in attacks on healthcare companies. Devices infected with the Emotet Trojan are put into the botnet, and access to those gadgets is sold to other threat gangs, frequently bringing about ransomware attacks. The botnet was taken out in January 2021, which is a component of the reason why there is a decline in ransomware attacks; nonetheless, the botnet is right now being rebuilt with greater resilience to takedown efforts and currently has various new capabilities. Emotet is most likely to present a substantial threat to the healthcare market in 2022 thus it is crucial to do something to enhance defenses. Emotet is mainly distributed through phishing emails, and so healthcare institutions must utilize robust email security steps and make certain they offer security awareness training to the employees.
Vulnerabilities
Vulnerabilities in information systems can be exploited to obtain access to healthcare networks and sensitive data. It is crucial for healthcare providers to be on top of patching and to utilize software updates immediately. Patching must be prioritized, with the vulnerabilities stated in the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities Catalog dealt with first, together with any critical vulnerabilities in software programs, operating systems, and firmware.