Cyberattacks on the healthcare sector are a growing threat in Latin America, and the large amount of confidential data these organizations handle makes these attacks a top concern.

The value of healthcare data in the illegal market, such as the personal, medical and financial information of patients and healthcare companies, creates an appealing target for threat actors. This can have serious consequences for the privacy and information security of these organizations. Cyberattacks could lead to reputational risks, interruption of operations, data theft and disclosure and even the loss of human lives when medical goods and services are unavailable.

So what do healthcare organizations and patients need to know about cyberattacks on the healthcare sector in Latin America?

According to the IBM Security X-Force Threat Intelligence Index 2023 report, the proportion of incidents to which X-Force Incident Response has responded in the healthcare sector has remained at approximately 5% to 6% of total incidents over the past three years. Ransomware outpaced other attacks in Latin America, accounting for 32% of the cases to which X-Force responded.

Additionally, the main access vectors for healthcare companies in Latin America are the exploitation of public-facing applications (T1190), the abuse of valid accounts (T1078) and the exploitation of external remote services (T1133).

3 critical risk factors

Exploitation of Public-Facing Applications

IBM X-Force Incident Response observed that attackers mainly exploit weaknesses and vulnerabilities in services and programs with internet access, especially websites. In other cases, they exploit vulnerabilities in web servers (Apache Tomcat, outdated versions of Apache and outdated security patches, for example).

Abuse of Valid Accounts

Attackers exploit remote system accounts and externally available services, such as virtual private networks (VPNs), network devices and remote desktops. In other cases, they exploit inactive accounts or accounts that do not expire passwords (exfiltrated on the Deep Web) with dictionary-based or credential-stuffing attacks.

Exploitation of External Remote Services

Exploiting remote access services such as Citrix desktops, access gateways and VPNs allows attackers to connect to internal healthcare enterprise resources from external locations.

IBM X-Force incident response recommendation

These are some examples of the main intrusion vectors that IBM X-Force Incident Response has identified in healthcare companies in the Latin American region. All healthcare organizations in the region must prepare to face these threats and have adequate security measures to protect patient information’s privacy and security.

The following are the IBM X-Force Incident Response team’s recommendations:

  • Develop incident response plans tailored to their environment. These plans should be updated regularly to maintain or improve response and recovery times.
  • Perform regular backups focused on critical medical services. Keep copies in secure, segmented and physically separated locations.
  • Allow only authorized applications. Configure third-party operating systems and medical services to run only approved applications.
  • Monitor your medical IT infrastructure, medical devices and domain controller at the system and application registry level.
  • Ensure a technology governance and cybersecurity team is created to support medical services operations.
  • Have the support and coverage of a specialized incident response and computer forensics team that can act promptly in future events and contribute to the containment, remediation and recovery of business operations.
  • Implement security operations centers to detect and manage security breaches through early alerts, provide real-time infrastructure security monitoring, implement preventive measures and improve responsiveness to future attacks.
  • Include additional endpoint protection layers on the technological infrastructure of healthcare companies.

Reduce vendor risk

To mitigate the main access vectors, keep in mind the following:

  • Segregate external servers and services from the rest of the network with a DMZ or separate hosting infrastructure.
  • Manage privileged accounts by implementing minimum privileges for service accounts.
  • Maintain all computers, servers and medical devices with patching and vulnerability management processes.
  • Scan external systems for vulnerabilities regularly.
  • Audit user accounts for unusual activity and disable or delete those that are no longer needed.
  • Ensure that applications do not store sensitive data or credentials insecurely (clear text).
  • Improve the policies and administration of passwords for all technologies that are part of the health sector company to ensure security in system access. It is recommended that these passwords be longer than 12 characters, including special symbols and numbers, in addition to verifying the relevance of multifactor authentication in the case of critical services.
  • Disable or block remotely available services that may be unnecessary.
  • Conduct research on the Deep Web to identify possible information leaks, including credentials.

Rising to meet the threat

Protecting medical data and ensuring the availability of healthcare services should be one of the main objectives of companies associated with the medical sector. That is why IBM X-Force Incident Response is always available to help you create and manage an integrated security program to protect your company from global threats, reduce attacks’ impact and prevent or respond quickly to future attacks through X-Force Incident Response retainer services.

More from Healthcare

Why safeguarding sensitive data is so crucial

4 min read - A data breach at virtual medical provider Confidant Health lays bare the vast difference between personally identifiable information (PII) on the one hand and sensitive data on the other.The story began when security researcher Jeremiah Fowler discovered an unsecured database containing 5.3 terabytes of exposed data linked to Confidant Health. The company provides addiction recovery help and mental health treatment in Connecticut, Florida, Texas and other states.The breach, first reported by WIRED, involved PII, such as patient names and addresses,…

Ransomware on the rise: Healthcare industry attack trends 2024

4 min read - According to the IBM Cost of a Data Breach Report 2024, the global average cost of a data breach reached $4.88 million this year, a 10% increase over 2023.For the healthcare industry, the report offers both good and bad news. The good news is that average data breach costs fell by 10.6% this year. The bad news is that for the 14th year in a row, healthcare tops the list with the most expensive breach recoveries, coming in at $9.77…

Cybersecurity risks in healthcare are an ongoing crisis

4 min read - While healthcare providers have been implementing technical, administrative and physical safeguards related to patient information, they have not been as diligent in securing their medical devices. These devices are critical to patient care and can leave hospitals at risk for cyberattacks, causing major disruptions to patient care. In fact, 88 million individuals were affected by large breaches, compromising vast amounts of electronic protected health information (ePHI) last year according to the U.S. Department of Health & Human Services. This year,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today