It’s rare to see 100% agreement on a survey. But Porter Research found consensus from business leaders across the provider, payer and pharmaceutical/life sciences industries. Every single person agreed that “growing hacker sophistication” is the primary driver behind the increase in ransomware attacks.
In response to the findings, the American Hospital Association told Porter Research, “Not only are cyber criminals more organized than they were in the past, but they are often more skilled and sophisticated.”
Although not unanimous, the majority of leaders also agree on their reaction to the attacks. 60% were “less than fully confident” in the technologies they currently use to prevent and mitigate ransomware attacks. Not surprisingly, the vast majority (85%) of leaders place mitigating cyberattacks as a “high” or “very high priority” in 2023. In response, most (82%) are increasing their investments this year to prevent and mitigate ransomware attacks.
Number of healthcare attacks remains steady
Initially, the steady number of attacks may appear to be good news. However, the rise in sophistication means they are typically harder to prevent and are more damaging. The IBM X-Force Threat Intelligence Index 2023 found that the proportion of healthcare cases to which X-Force has responded has remained at approximately 5% to 6% for the past three years. However, the majority of 2022 healthcare attacks occurred in Europe (58%), with 42% in North America.
By understanding the types of attacks, healthcare systems can prioritize their cybersecurity efforts to combat the increased sophistication. The report found that 27% of the cases examined were backdoor attacks, with web shells comprising 18%. Adware, BEC, crypto miners, loaders, reconnaissance and scanning tools, and remote access tools each made up 9% of the attacks.
Iran-based threats pose new risks
In addition to ongoing risks, cyber criminals in Iran are increasingly launching specific attacks on many industries, including the healthcare sector, which contributes to the increase in sophisticated attacks. According to CrowdStrike, attacks from Iran tend to be more disruptive due to the “lock and leak” approach, whereby criminals cause reputational damage by using ransomware to leak data to the general public. Attacks initiated in China tend to be less disruptive, focusing on intellectual property theft for medical devices, pharmaceuticals and other innovations.
Many of the attacks are challenging to prevent because they use sophisticated social engineering schemes. For example, a cyber criminal may impersonate someone from a government agency. Because attackers go to significant lengths to make the messaging and formatting of emails match those of the real entity, even trained employees may fall victim to the scheme.
Third parties increase healthcare incident risk
Healthcare systems partner with many other businesses and organizations to care for patients and operate their facilities. However, each new vendor adds risk to the healthcare system. Organizations inherit the risk of each vendor, meaning that a healthcare system’s risk includes all of its own vulnerabilities plus those of each supplier and vendor. As attacks grow more sophisticated, healthcare systems must now be confident that their partners and vendors can also mitigate the high level of attacks.
Third-party healthcare attacks use many different forms and tactics. In late 2021, an authorized user of Eye Care Leaders (ECL), an ophthalmology-specific electronic medical record (EMR) solution, accessed more than two dozen organizations. More than 1.3 million patients at Texas Tech University Health Sciences Center (TTUHSC) potentially had personally sensitive information stolen, including insurance information, appointment information and Social Security numbers.
However, not all incidents involve patient records or technology providers. A breach at OneTouchPoint (OTP), a third-party mailing and printing vendor, impacted more than 35 healthcare brands, including Geisinger and Kaiser Permanente. The files accessed without authorization and exfiltrated from healthcare systems and insurance companies included patient names, member IDs and information provided during a health assessment.
Reducing cybersecurity risk in healthcare
To combat the increase in sophistication, healthcare organizations must proactively prevent incidents. Here are steps to take to reduce your risk.
- Create a culture of cybersecurity. While specific training is important, healthcare organizations must also keep the importance of cybersecurity top of mind. When every employee truly feels personally responsible for preventing and stopping cyberattacks, healthcare systems achieve a culture of cybersecurity. Tools and technologies are key in preventing attacks. But without the foundation of a cybersecurity culture, healthcare systems remain at high risk as criminals improve their techniques.
- Focus on social engineering. With the increase in social engineering schemes, healthcare organizations must specifically address this threat. By teaching employees how to spot fake emails, healthcare systems can reduce their risk significantly. Show employees how to carefully look at the sender’s email address to notice slight variations that distinguish it from that of the legitimate company. To test knowledge and response, send test emails to employees and use the results as a training tool. This can help prevent them from falling for actual schemes when they inevitably arise.
- Create an incident response plan. Your healthcare organization will be a target of an attack — it’s simply a matter of time. By creating a plan, your team will know exactly what to do when an attack happens, which can significantly reduce downtime and disruption. Make sure that all satellite offices and hospitals are included in the plan because system integrations mean shared risk. However, you cannot create the plan and put it in a drawer. Your organization must regularly update the plan as well as practice responses. The more test runs you have, the more your employees are likely to make the right decisions when under stress. Every minute you save after an attack means less impact on patient care.
- Adopt zero trust. In the past, healthcare organizations focused on protecting the endpoints. However, with many different locations as well as remote workers, your healthcare system’s attack surface is significantly larger. With a zero trust approach, healthcare systems adopt strategies that reduce risk by assuming all apps, devices and users are unauthorized until proven otherwise.
Protecting sensitive healthcare data is paramount
In healthcare, the stakes of cybersecurity are even higher than in many other industries. Healthcare records contain highly sensitive data, including personal and financial information and health diagnoses, and a breach of that data can be problematic for patients. Additionally, disruptions from cybersecurity attacks don’t simply mean business disruptions but can cause delays in patient care. By taking proactive actions, healthcare systems can reduce their risk and ensure their ability to care for patients.