Cybersecurity in healthcare: How hackers get in and how organizations can protect themselves

A cybersecurity expert explains why healthcare organizations are vulnerable to cyberattacks — and how they can strengthen their defenses.

Article By: Sam Rubin

Blog Source From: https://www.healthcaredive.com/

As technology advances at a rapid pace, even the most sophisticated organizations struggle to keep up — especially when it comes to cybersecurity. Many healthcare organizations still operate on outdated systems, exposing them to increasing cyber threats. In 2024, these issues have escalated, bringing healthcare cybersecurity to a critical juncture.

This year, cyberattacks on healthcare organizations have dominated headlines, heightening public awareness and drawing urgent attention from executives and boards who now grasp the far-reaching risks to their customers, partners, business and reputation. A recent study by Bain & Company and Klas Research found that 75% of healthcare providers and payers increased their IT spending after major attacks in early 2024.

Why healthcare?

According to Palo Alto Networks’ Ransomware Review for the first half of 2024, which draws on data from threat actor leak sites, healthcare has become the second most targeted industry globally. This spike is alarming but not surprising, as healthcare organizations are uniquely vulnerable for three key reasons:

  1. Real-time patient care: Any disruption to healthcare services has immediate, potentially life-threatening consequences, making organizations desperate to avoid downtime.
  2. Sensitive data: Healthcare providers store highly valuable protected health information (PHI), which is a prime target for cybercriminals.
  3. Complex ecosystem: The extensive web of partners and third-party vendors that also need to use healthcare organizations’ networks (e.g., tech providers, internet of things, etc.) allows multiple entry points for bad actors, and means a disruption can cause a ripple effect across multiple entities.

These factors make healthcare a particularly attractive target for hackers seeking financial gain through extortion or espionage by stealing patient data, ransoming organizations or selling sensitive information.

How criminals are getting in

For healthcare attacks, the top initial access points leveraged by cybercriminals are phishing, information-stealer malware and unpatched systems with weak user credentials. The top threat types in healthcare include Distributed Denial-of-Service (flooding a network or server with traffic to make it inaccessible or degrade its performance), supply chain attacks, web application attacks, ransomware, data breaches and insider threats.

These attacks are happening through greater exploitation of vulnerabilities on a mass scale, with increasing speed. Through my work with Unit 42, we’ve seen that in nearly 45% of incident response cases, attackers have exfiltrated data in less than 24 hours. Previously, organizations had some time between disclosure and patching; that is no longer the case as attackers can scan for and weaponize vulnerabilities in mere minutes or hours.

There have been significant upticks in extortion, often accompanied by ransomware. In these cases, cybercriminals may demand payment in exchange for returning system functionality or not exposing critical patient information. Numerous cybercrime groups are targeting healthcare today, such as LockBit 3.0, BianLian, Inc., and Medusa, which are collectively responsible for more than 50 unique compromises from January through April in 2024.

What healthcare organizations can do

To strengthen their defenses, healthcare organizations must adopt a proactive approach:

  • Increase visibility

To protect your organization, you need complete visibility of both internal and external attack surfaces as they constantly evolve. This includes a clear understanding of data from endpoints, applications and identity sources across headquarters, data centers, cloud environments and remote locations. Collection of threat telemetry and monitoring across all these areas is critical.

  • Reduce complexity

Consolidation and integration are key to simplifying your security architecture. Forensic investigation often reveals valuable information in logs, but this data is difficult to leverage when siloed or spread across too many disconnected systems. A fragmented approach to prevention, detection and response adds unnecessary complexity, making it harder to act quickly.

  • Drive real-time response

Technological advancements enable real-time responses by correlating telemetry from across your enterprise. Automating threat detection and prioritization helps security teams focus on the most critical issues, reducing manual effort and improving overall response times. This capability is essential for identifying and containing incidents before they escalate.

Escalating threats against the healthcare sector highlight an urgent need for enhanced cybersecurity measures. As attacks become more sophisticated, healthcare organizations must prioritize security to protect sensitive patient data and maintain operational continuity. By adopting proactive measures and staying informed about emerging threats, healthcare providers can better defend against the growing cyber risks and safeguard their critical operations.
