Cyberattacks on the healthcare sector are a growing threat in Latin America, and the large amount of confidential data these organizations handle makes these attacks a top concern.
The value of healthcare data in the illegal market, such as the personal, medical and financial information of patients and healthcare companies, creates an appealing target for threat actors. This can have serious consequences for the privacy and information security of these organizations. Cyberattacks could lead to reputational risks, interruption of operations, data theft and disclosure and even the loss of human lives when medical goods and services are unavailable.
So what do healthcare organizations and patients need to know about cyberattacks on the healthcare sector in Latin America?
According to the IBM Security X-Force Threat Intelligence Index 2023 report, the proportion of incidents to which X-Force Incident Response has responded in the healthcare sector has remained at approximately 5% to 6% of total incidents over the past three years. Ransomware outpaced other attacks in Latin America, accounting for 32% of the cases to which X-Force responded.
Additionally, the main access vectors for healthcare companies in Latin America are the exploitation of public-facing applications (T1190), the abuse of valid accounts (T1078) and the exploitation of external remote services (T1133).
3 critical risk factors
Exploitation of Public-Facing Applications
IBM X-Force Incident Response observed that attackers mainly exploit weaknesses and vulnerabilities in internet-facing services and programs, especially websites. In other cases, they exploit vulnerabilities in web servers (for example, Apache Tomcat or outdated versions of Apache that are missing security patches).
Abuse of Valid Accounts
Attackers exploit remote system accounts and externally available services, such as virtual private networks (VPNs), network devices and remote desktops. In other cases, they target inactive accounts or accounts whose passwords never expire, using credentials leaked on the Deep Web in dictionary-based or credential-stuffing attacks.
Exploitation of External Remote Services
Exploiting remote access services such as Citrix desktops, access gateways and VPNs allows attackers to connect to internal healthcare enterprise resources from external locations.
IBM X-Force incident response recommendation
These are some examples of the main intrusion vectors that IBM X-Force Incident Response has identified in healthcare companies in the Latin American region. All healthcare organizations in the region must prepare to face these threats and have adequate security measures to protect patient information’s privacy and security.
The following are the IBM X-Force Incident Response team’s recommendations:
- Develop incident response plans tailored to the organization's environment. These plans should be updated regularly to maintain or improve response and recovery times.
- Perform regular backups focused on critical medical services. Keep copies in secure, segmented and physically separated locations.
- Allow only authorized applications. Configure third-party operating systems and medical services to run only approved applications.
- Monitor your medical IT infrastructure, medical devices and domain controllers at the level of system and application logs.
- Ensure a technology governance and cybersecurity team is created to support medical services operations.
- Have the support and coverage of a specialized incident response and computer forensics team that can act promptly in future events and contribute to the containment, remediation and recovery of business operations.
- Implement security operations centers to detect and manage security breaches through early alerts, provide real-time infrastructure security monitoring, implement preventive measures and improve responsiveness to future attacks.
- Include additional endpoint protection layers on the technological infrastructure of healthcare companies.
Reduce vendor risk
To mitigate the main access vectors, keep in mind the following:
- Segregate external servers and services from the rest of the network with a DMZ or separate hosting infrastructure.
- Manage privileged accounts by applying least privilege to service accounts.
- Maintain all computers, servers and medical devices with patching and vulnerability management processes.
- Scan external systems for vulnerabilities regularly.
- Audit user accounts for unusual activity and disable or delete those that are no longer needed.
- Ensure that applications do not store sensitive data or credentials insecurely (clear text).
- Improve password policies and administration for all technologies that are part of the healthcare company to secure system access. Passwords should be longer than 12 characters and include special symbols and numbers; also assess whether multifactor authentication is appropriate for critical services.
- Disable or block remotely available services that may be unnecessary.
- Conduct research on the Deep Web to identify possible information leaks, including credentials.
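Two of the points above, auditing accounts and disabling those no longer needed, and the valid-account abuse described earlier (inactive accounts, passwords that never expire, dictionary and credential-stuffing attacks against VPNs and remote desktops), can be checked with a small script. The following is an added example, not IBM X-Force code or any product's output: it runs over a constructed directory export and constructed VPN gateway log lines in an assumed `user=... src=... result=...` format, flags stale and never-expiring accounts, and reports sources that fail against many distinct users (credential stuffing) or many times against one user (password guessing).

```python
"""Account-hygiene and failed-logon audit over constructed sample data (added example)."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed directory export: (username, enabled, password_never_expires, last_logon).
# Values are invented for the example and do not describe any real organisation.
ACCOUNTS = [
    ("jperez", True, False, "2024-05-20"),
    ("svc_backup", True, True, "2024-05-21"),
    ("old_contractor", True, False, "2023-11-02"),
    ("mlopez", False, False, "2024-01-10"),
    ("svc_pacs", True, True, "2023-09-30"),
]

# Reference date for the audit, fixed so the result is reproducible.
AUDIT_DATE = datetime(2024, 5, 22)

# Constructed authentication log lines; the format is an assumption for this example.
AUTH_LOG = """
2024-05-22T08:00:01 vpn-gw auth: user=jperez src=192.0.2.10 result=SUCCESS
2024-05-22T08:01:10 vpn-gw auth: user=admin src=198.51.100.7 result=FAIL
2024-05-22T08:01:11 vpn-gw auth: user=jperez src=198.51.100.7 result=FAIL
2024-05-22T08:01:12 vpn-gw auth: user=mlopez src=198.51.100.7 result=FAIL
2024-05-22T08:01:13 vpn-gw auth: user=rgomez src=198.51.100.7 result=FAIL
2024-05-22T08:01:14 vpn-gw auth: user=asilva src=198.51.100.7 result=FAIL
2024-05-22T08:01:15 vpn-gw auth: user=svc_backup src=198.51.100.7 result=FAIL
2024-05-22T08:05:00 vpn-gw auth: user=svc_pacs src=203.0.113.5 result=FAIL
2024-05-22T08:05:05 vpn-gw auth: user=svc_pacs src=203.0.113.5 result=FAIL
2024-05-22T08:05:10 vpn-gw auth: user=svc_pacs src=203.0.113.5 result=FAIL
2024-05-22T08:05:15 vpn-gw auth: user=svc_pacs src=203.0.113.5 result=FAIL
2024-05-22T08:05:20 vpn-gw auth: user=svc_pacs src=203.0.113.5 result=FAIL
2024-05-22T08:05:25 vpn-gw auth: user=svc_pacs src=203.0.113.5 result=FAIL
2024-05-22T08:05:40 vpn-gw auth: user=svc_pacs src=203.0.113.5 result=SUCCESS
""".strip()

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth: user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\w+)$"
)


def parse_auth_log(text):
    """Parse log lines into dicts; lines that do not match the expected format are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def find_stale_accounts(accounts, now=AUDIT_DATE, max_idle_days=90):
    """Enabled accounts with no logon for more than max_idle_days (candidates to disable)."""
    stale = []
    for user, enabled, _never_expires, last_logon in accounts:
        if not enabled:
            continue
        idle_days = (now - datetime.strptime(last_logon, "%Y-%m-%d")).days
        if idle_days > max_idle_days:
            stale.append(user)
    return stale


def find_never_expiring(accounts):
    """Enabled accounts whose password never expires (review and rotate these)."""
    return [u for u, enabled, never_expires, _ in accounts if enabled and never_expires]


def detect_credential_stuffing(events, min_distinct_users=5):
    """Sources that fail against many distinct usernames: typical of leaked-credential replay."""
    users_by_src = defaultdict(set)
    for e in events:
        if e["result"] == "FAIL":
            users_by_src[e["src"]].add(e["user"])
    return {src: sorted(u) for src, u in users_by_src.items() if len(u) >= min_distinct_users}


def detect_password_guessing(events, min_failures=5):
    """(src, user) pairs with repeated failures; notes whether a later success followed them."""
    failures = defaultdict(int)
    later_success = set()
    for e in events:  # events are assumed to be in chronological order
        key = (e["src"], e["user"])
        if e["result"] == "FAIL":
            failures[key] += 1
        elif e["result"] == "SUCCESS" and failures[key] >= min_failures:
            later_success.add(key)
    return {
        key: {"failures": n, "followed_by_success": key in later_success}
        for key, n in failures.items()
        if n >= min_failures
    }


def audit(accounts, log_text, now=AUDIT_DATE):
    """Combine the account checks and the log-based detections into one report."""
    events = parse_auth_log(log_text)
    return {
        "stale_accounts": find_stale_accounts(accounts, now),
        "never_expiring": find_never_expiring(accounts),
        "credential_stuffing": detect_credential_stuffing(events),
        "password_guessing": detect_password_guessing(events),
    }


if __name__ == "__main__":
    for section, findings in audit(ACCOUNTS, AUTH_LOG).items():
        print(section, findings)
```

On the sample data the report lists `old_contractor` and `svc_pacs` as stale, both service accounts as never-expiring, one source failing against six distinct users, and six failures against `svc_pacs` followed by a success from the same source, which is the pattern that should trigger an immediate credential reset and session review. The thresholds (90 idle days, 5 distinct users, 5 failures) are illustrative and should be tuned to the gateway's real traffic.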
Rising to meet the threat
Protecting medical data and ensuring the availability of healthcare services should be one of the main objectives of companies associated with the medical sector. That is why IBM X-Force Incident Response is always available to help you create and manage an integrated security program to protect your company from global threats, reduce attacks’ impact and prevent or respond quickly to future attacks through X-Force Incident Response retainer services.