Every day, cyber criminals target government organizations and hospitals, from phishing emails aimed at employees to the more sophisticated cyberattacks targeting networks, critical infrastructure, sensitive mission and patient data, as well as life-saving operational systems in the clinical environment.
The threat landscape constantly evolves as adversaries have now shifted their focus on data extortion, while nation-state adversaries take aim at vulnerabilities in the software supply chain with devastating consequences for the public and healthcare sectors.
Moreover, cyber has become the new weapon of modern warfare, as Russia demonstrated in February 2022 when it launched denial-of-service attacks on Ukraine banking and defense websites as a precursor to its ground invasion.
Over the past year, the public and healthcare sectors have focused on how to adapt, persevere and stay a step ahead of cyberattacks in an increasingly ominous threat landscape. But adversaries are relentless and certainly will continue to refine their tradecraft. In 2023, security teams in the public and healthcare sectors will need to stay ahead of identity-based attacks, ransomware-based data extortion attacks, all while navigating macroeconomic and geopolitical uncertainty.
2023 public and healthcare sector cybersecurity trends
Organizations will expedite the federal government’s zero-trust strategy to meet an increase in identity-based attacks: Throughout 2022, we have seen identity-based attacks become more sophisticated as adversaries leverage fileless techniques to bypass traditional multi-factor authentication (MFA) defenses. In 2023, we predict adversaries will break out more quickly by compromising identities to move laterally between endpoints to deploy ransomware, achieve business email compromise (BEC) by accessing email infrastructure, or exfiltrate critical data from Microsoft Azure, and other public cloud infrastructure providers.
The federal government’s zero-trust strategy emphasizes the need for stronger enterprise identity and access controls. Security teams predicate zero-trust on securing everything inside and outside of an organization’s information technology systems based on trusted identities. This year, public sector organizations and healthcare providers alike will need to take a unified identity threat protection approach to security that gives them the visibility they need to detect and thwart identity-based attacks while meeting the demands of federal zero-trust requirements.
Data extortion will become the No. 1 eCrime tactic in attacks on the healthcare industry: In recent years, there has been an 82% increase in data leaks resulting from ransomware and throughout 2022, adversary groups, like the Hive ransomware group, have aggressively and painfully targeted the healthcare industry. CrowdStrike data indicates that weak, stolen or compromised credentials were often one of the fastest ways into systems for cybercriminals to launch ransomware attacks against the healthcare industry. In 2023, we will continue to see the weaponization of data rise as extortion becomes the most common tactics, techniques, and procedures (TTPs) used by cybercriminals. Data extortion will surpass traditional data encryption and provide threat actors with the ability to victimize organizations repeatedly with such tactics as double or triple extortion, that exfiltrate the victim’s data as well as encrypting and collecting ransom payments.
Additionally, the healthcare industry must comply with various regulatory requirements, amplifying the fact that data extortion methods are potentially devastating. With every successful data breach, adversaries have the power to extort millions of dollars from healthcare facilities merely with the threat of leaking or selling sensitive data, such as patient health information (PHI). As a result of this increase in data theft and extortion in healthcare, there will be explosive growth of new criminal marketplaces dedicated to advertising and selling victims’ data to the highest bidders.
Uncertainty will create a breeding ground for high-profile cyber incidents for the healthcare and public sectors broadly: Uncertainty has been permeating worldwide, and it will create an environment ripe for threat actors to exploit. In the rapidly-changing economic and geopolitical climate, government organizations and healthcare institutions are under increased pressure to do more with less, securing their networks with similar or potentially fewer resources against the increasing volume and severity of cyberattacks. Ransomware attackers, which targeted healthcare facilities during the uncertainty of the pandemic will continue to seek access to valuable patient data in 2023. In October 2022, the FBI Internet Crime Complaint Center (ICA) reported that among 16 critical infrastructures, the healthcare and public health sector accounts for 25% of ransomware complaints.
As the year ended, The Lake Charles Memorial Health System (LCMHS), the largest medical complex in Lake Charles, Louisiana, reported a ransomware attack that impacted the information of 270,000 patients. The Hive ransomware group, which claimed responsibility, listed LCMHS on its data leak site. The group exposed files that contained patient health information (PHI), including full names, physical addresses, dates of birth, medical records and social security numbers in some cases. Cybercriminals and threat actors thrive on uncertainty. As a result, public sector organizations and healthcare facilities will need security platforms that ensure robust protection while making efficient use of tightened budgets, limited resources and reduced human capacity.
Cyberattacks will continue to rise in 2023 as cybercriminals and adversaries ramp-up identity-based and ransomware attacks to take advantage of economic and geopolitical uncertainty. Public and healthcare sector security teams must adopt a comprehensive cybersecurity strategy that includes visibility and proactive protection across identities, IT infrastructures, and cloud workloads.
James Yeager, vice president, public sector and healthcare, CrowdStrike