It’s rare to see 100% agreement on a survey. But Porter Research found consensus from business leaders across the provider, payer and pharmaceutical/life sciences industries. Every single person agreed that “growing hacker sophistication” is the primary driver behind the increase in ransomware attacks.

In response to the findings, the American Hospital Association told Porter Research, “Not only are cyber criminals more organized than they were in the past, but they are often more skilled and sophisticated.”

Although not unanimous, the majority of leaders also agree on their reaction to the attacks. 60% were “less than fully confident” in the technologies they currently use to prevent and mitigate ransomware attacks. Not surprisingly, the vast majority (85%) of leaders place mitigating cyberattacks as a “high” or “very high priority” in 2023. In response, most (82%) are increasing their investments this year to prevent and mitigate ransomware attacks.

Number of healthcare attacks remains steady

Initially, the steady number of attacks may appear to be good news. However, the rise in sophistication means they are typically harder to prevent and are more damaging. The IBM X-Force Threat Intelligence Index 2023 found that the proportion of healthcare cases to which X-Force has responded has remained at approximately 5% to 6% for the past three years. However, the majority of 2022 healthcare attacks occurred in Europe (58%), with 42% in North America.

By understanding the types of attacks, healthcare systems can prioritize their cybersecurity efforts to combat the increased sophistication. The report found that 27% of the cases examined were backdoor attacks, with web shells comprising 18%. Adware, BEC, crypto miners, loaders, reconnaissance and scanning tools, and remote access tools each made up 9% of the attacks.


Iran-based threats pose new risks

In addition to ongoing risks, cyber criminals in Iran are increasingly launching specific attacks on many industries, including the healthcare sector, which contributes to the increase in sophisticated attacks. According to CrowdStrike, the attacks from Iran tend to be more disruptive due to the “lock and leak” approach, whereby criminals cause reputational damage by using ransomware to leak data to the general public. Attacks initiated in China tend to focus on intellectual property theft for medical devices, pharmaceuticals and other innovations, and are less disruptive.

Many of the attacks are challenging to prevent because they use sophisticated social engineering schemes. For example, a cyber criminal may impersonate someone from a government agency. Because attackers go to significant lengths to make the messaging and formatting of emails match those of the real entity, even trained employees may fall victim to the scheme.

Third parties increase healthcare incident risk

Healthcare systems partner with many other businesses and organizations to care for patients and operate the facilities. However, each new vendor adds risk to the healthcare system. Organizations inherit the risk of each vendor, meaning that a healthcare system’s risk includes all of its own vulnerabilities plus those of each supplier and vendor. With the increasing sophistication, healthcare systems must now be confident that their partners and vendors can also mitigate the high level of attacks.

Third-party healthcare attacks use many different forms and tactics. In late 2021, an authorized user of Eye Care Leaders (ECL), an ophthalmology-specific electronic medical record (EMR) solution, accessed more than two dozen organizations. More than 1.3 million patients at Texas Tech University Health Sciences Center (TTUHSC) potentially had personally sensitive information stolen, including insurance information, appointment information and Social Security numbers.

However, not all incidents involve patient records or technology providers. A breach at OneTouchPoint (OTP), a third-party mailing and printing vendor, impacted more than 35 healthcare brands, including Geisinger and Kaiser Permanente. The files from healthcare systems and insurance companies that were accessed without authorization and exfiltrated included patient names, member IDs and information provided during a health assessment.

Reducing cybersecurity risk in healthcare

To combat the increase in sophistication, healthcare organizations must proactively prevent incidents. Here are steps to take to reduce your risk.

  • Create a culture of cybersecurity. While specific training is important, healthcare organizations must also keep the importance of cybersecurity top of mind. When every employee truly feels personally responsible for preventing and stopping cyberattacks, healthcare systems achieve a culture of cybersecurity. Tools and technologies are key in preventing attacks. But without the foundation of a cybersecurity culture, healthcare systems remain at high risk as criminals improve their techniques.
  • Focus on social engineering. With the increase in social engineering schemes, healthcare organizations must specifically address this threat. By teaching employees how to spot fake emails, healthcare systems can reduce their risk significantly. Show employees how to carefully look at the sender’s email address to notice slight variations that distinguish it from that of the legitimate company. To test knowledge and response, send test emails to employees and use the results as a training tool. This can help prevent them from falling for actual schemes when they inevitably arise.
  • Create an incident response plan. Your healthcare organization will be a target of an attack — it’s simply a matter of time. By creating a plan, your team will know exactly what to do when an attack happens, which can significantly reduce downtime and disruption. Make sure that all satellite offices and hospitals are included in the plan because system integrations mean shared risk. However, you cannot create the plan and put it in a drawer. Your organization must regularly update the plan as well as practice responses. The more test runs you have, the more your employees are likely to make the right decisions when under stress. Every minute you save after an attack means less impact on patient care.
  • Adopt zero trust. In the past, healthcare organizations focused on protecting the endpoints. However, with many different locations as well as remote workers, your healthcare system’s attack surface is significantly larger. Under a zero trust framework, healthcare systems adopt strategies that reduce risk by assuming all apps, devices and users are unauthorized until proven otherwise.
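
The sender-address check from the social engineering step can also be automated at the mail gateway or in a training tool. The sketch below is an added example, not code from the original article or from any vendor it mentions; the trusted-domain list, the sample addresses and the function names are all constructed for illustration.

```python
import unicodedata

# Constructed allow-list (assumption): domains the organization really corresponds with.
TRUSTED_DOMAINS = {"examplehealth.org", "hhs.gov", "cms.gov"}

# Characters commonly swapped in to imitate a Latin letter (digits and Cyrillic).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "\u0430": "a", "\u0435": "e", "\u043e": "o",
                             "\u0440": "p", "\u0441": "c"})

def skeleton(domain):
    """Reduce a domain to what a hurried reader would see."""
    text = unicodedata.normalize("NFKC", domain.lower()).translate(CONFUSABLES)
    return text.replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(address):
    """Return (verdict, trusted domain involved) for a sender address."""
    domain = address.rsplit("@", 1)[-1].strip().strip("<>").lower()
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS):
        return ("trusted", domain)
    for trusted in sorted(TRUSTED_DOMAINS):
        if (skeleton(domain) == skeleton(trusted)        # swapped characters
                or edit_distance(domain, trusted) <= 1   # one-letter typo
                or domain.startswith(trusted + ".")):    # trusted name used as a prefix
            return ("lookalike", trusted)
    return ("unknown", None)

# Constructed sample senders, not taken from any real incident.
SAMPLES = ["alerts@examplehealth.org", "alerts@examp1ehealth.org",
           "billing@exarnplehealth.org", "notice@hhs.gov.mail-portal.example",
           "help@hhs.g\u043ev", "news@unrelated-vendor.example"]

if __name__ == "__main__":
    for sender in SAMPLES:
        print(sender.encode("unicode_escape").decode(), classify_sender(sender))
```

A "lookalike" verdict is a reason to quarantine or banner the message for review, not proof of fraud; legitimate domains that differ by one letter from a trusted one will also be flagged.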

Protecting sensitive healthcare data is paramount

In healthcare, the stakes of cybersecurity are even higher than in many other industries. Healthcare records contain highly sensitive data, including personal and financial information and health diagnoses, which can be problematic for patients if breached. Additionally, disruptions from cybersecurity attacks don’t simply mean business disruptions but can cause delays in patient care. By taking proactive actions, healthcare systems can reduce their risk and ensure their ability to care for patients.
