Netwrix on Thursday reported that 61% of respondents in the healthcare industry suffered a cyberattack on their cloud infrastructure within the last 12 months, compared to 53% for other verticals.
The study found that phishing was the most common type of attack reported, followed by ransomware and other malware, and targeted attacks on cloud infrastructure.
“The first two years of the pandemic exhausted the industry,” said Dirk Schrader, vice president of security research at Netwrix. “With patient health being the main priority for these organizations, IT security resources are often too stretched and are focused on maintaining only the most necessary functions. Plus, the high value of data gives cyber criminals better opportunities at financial gain: They can either sell stolen sensitive medical information on the dark web or extort a ransom for 'unfreezing' the medical systems used to keep patients alive.”
Sanjay Raja, vice president of marketing and solutions at Gurucul, said attackers know that healthcare institutions have constrained resources and budgets, that they maintain a wealth of personal and financial information on patients, and that disruptions are often catastrophic. Raja said it can get even worse where nation-state threat actors collect healthcare data of family members to target individuals they see as high-value for exploitation.
“As the migration to cloud infrastructure increases, so does the subsequent attack surface,” Raja said. “To many security teams, cloud infrastructure is more of a black box than on-premises infrastructure and subsequently very difficult to monitor for threats like ransomware that often demand payment, but also steal data. Even worse is that vendor claims of cloud threat detection and analytics are barely more than modified correlation rules not optimized to find an attack campaign that may be split up across both public and on-premise systems to hide more effectively.”
Mika Aalto, co-founder and CEO at Hoxhunt, added that healthcare stands as a valuable and vulnerable target: hackers go after this industry because patient data and hospital systems are lucrative prey. Aalto said hackers know they can demand a high ransom if they compromise patient data or healthcare systems. Their favorite method: phishing.
“The more sophisticated attacks are missed by today's security technology layers such as secure email gateways and cloud security,” said Aalto. “The answer is increasingly to leverage the most intelligent detection engine available: the humans in every large complex organization. It turns out if you train them to spot these sophisticated attacks, and enable them to report them, they spot them every time.”
Davis McCarthy, principal security researcher at Valtix, said the healthcare industry is run by collecting patient data, so when a breach happens, it tends to impact a large number of individuals – becoming expensive when fines are imposed on a per-record basis. McCarthy said using the cloud scales with the industry's dependence on data, while also improving its overall security.
“However, many critical workloads that quickly migrated to the cloud still lack a secure network architecture,” McCarthy said. “Organizations that lack defense in the cloud inadvertently expand their attack surface. Threat actors follow the data, and medical records potentially contain damaging details that can be used to fuel a myriad of cybercrimes. The cloud will continue to be a target for those with weak defenses in the healthcare industry.”