Attackers Delight: Why Does Healthcare See So Many Attacks?

Martin Lee, Technical Lead of Security Research and EMEA Lead at Cisco Talos, highlights how cybercriminals exploit healthcare’s critical nature for ransom
Although hackers don’t discriminate, the sustained high number of attacks on the healthcare industry can cost those in the sector more than just money

As the scourge of ransomware continues to wreak havoc on everything from supply chains, to energy providers and financial institutions, one industry stands as being, if not the most hit, certainly the worst hit. 

Healthcare has had a particularly bad year. In the first half of 2024, a London hospital was hit with a ransomware attack that forced it to cancel countless vital appointments, and UnitedHealth subsidiary Change Healthcare experienced one of the worst-ever cyberattacks on a US healthcare system.

Although both were devastating, these two are unfortunately not unprecedented. The 2017 WannaCry ransomware attack affected 80 out of 236 of the UK’s NHS trusts and brought many trusts to a total standstill.

But many years, and lessons learned, later, why is healthcare still such a target for cyber attacks?

“The services provided by these systems keep people alive and healthy; any interruption has consequences for patient care,” says Martin Lee, Technical Lead of Security Research and EMEA Lead at Cisco Talos. “This creates an environment which criminals can exploit to their advantage.”

Healthcare as a target

Dealing with life and death certainly creates incentive. For both sides. Healthcare providers are more likely to pay a ransom to get their systems back online, and hackers know that. 

Change Healthcare admitted it paid a US$22m ransom to the hackers who had targeted it. Although the hack was not stopping any vital operations, it did focus on the leaking of confidential patient data. That is where we can find a big portion of the motivation.

“The healthcare sector has become a prime target for cybercrime, given the amount of confidential data stored within systems,” Gregg Hardie, Public Sector Director at SailPoint, explains.

Sensitive health data has high value, up to nine times as much as banking information, and risks being held to ransom, released to the dark web, or sold to the highest bidder for nefarious activities.

But it is not just the why that serves as the motivation; how an attack can happen makes healthcare equally attractive.

David Emm, Principal Security Researcher at Kaspersky, explains how outdated systems and IoT vulnerabilities amplify cybersecurity risks in healthcare

Entry for attacks

With the primary focus being on providing healthcare, and with many dealing with budget constraints, it is understandable that investments in new patient care technology may have been prioritised over investments in cyber security or network infrastructure.

“The scale of NHS operations, legacy issues from the COVID-19 pandemic and the large numbers of people awaiting treatment exacerbate the sector's vulnerabilities,” says David Emm, Principal Security Researcher at Kaspersky.

Healthcare organisations like the UK’s NHS are very large; it is one of the largest employers in the world, with 1.6 million people working for it. Implementing large-scale change to these systems, with either an update or a switch to a modern system, could prove costly and create too much downtime.

As a result, many systems being used are outdated. In fact, a review of NHS trusts following the WannaCry attack found a number of them were still using Windows XP, an operating system that was already 17 years old at the time.

“These outdated softwares and legacy systems pose a significant threat, since they are more vulnerable to attacks,” David continues. 

In addition to the poor security of these older legacy systems, this neglect has led to weaknesses or an inability to properly manage network traffic. 

This, at a time when more and more health providers are implementing internet of things (IoT) devices into their operations, also adds to the pressures.

“Unpatched, vulnerable network-connected medical devices allow threat actors to gain a toe-hold within a network, persist for long periods of time before launching further attacks from the compromised device,” Martin explains.

Combine that with the number of non-employee identities tapping in and out of their internal networks – like locum nurses – and reliance on third-party software providers, as in the case of the London hospital hack, and you are faced with a perfect storm of weak system security and a huge attack surface.

Gregg Hardie, Public Sector Director at SailPoint, discusses the high value of confidential health data and its appeal to cybercriminals

Putting healthcare in a better position

Improving the security posture of healthcare providers is a big but not impossible task. It starts with managing the vast attack surface modern healthcare providers operate. 

“To enhance cyber resilience, healthcare organisations should adopt a zero-trust security model,” explains David.

This approach emphasises strict identity verification and access controls.

By implementing zero-trust principles, healthcare providers can ensure 'least-privileged' access for users, devices and applications, thereby reducing the risk of unauthorised access to sensitive data by reducing the number of entry points to the wider network.

“Keeping track of employees and non-employees effectively means ensuring that these identities are managed centrally and intelligently. Technology such as identity security allows organisations complete visibility over who is entering their internal systems, enabling them to manage access rights whilst ensuring the protection of sensitive data,” says Gregg.

But just as the healthcare sector reaches out to external solution providers to help it with things like blood diagnostics, so should it do so for security. 

“Healthcare companies must work closely with security experts to get non-employee risk management processes up and running,” Gregg explains.

This becomes increasingly important with the burgeoning of AI, as these professionals can help healthcare organisations not only to understand the new risk, but also to find ways to implement the technology so that it benefits them.

“Investing in advanced threat detection technologies, such as AI-driven analytics and machine learning, is also essential,” David explains. “These tools help in identifying and mitigating threats in real-time. Obtaining good intelligence on the activities of potential threat actors is crucial in anticipating and preparing for specific threats.”

Yet with so many lingering issues, perhaps the sector should first walk before it runs. 

Protecting more than physical health

UnitedHealth Group CEO Andrew Witty explained to a US government committee following the hack that a ransomware affiliate gained access to the internal network via a server that did not have multi-factor authentication (MFA), leaving it vulnerable to brute-force attacks and compromised credentials.

Addressing this lack of basic cyber hygiene, although not entirely unique to the healthcare sector, would be a good place to start.

“To enhance cybersecurity in the healthcare sector, it's essential to focus not only on new and emerging technologies but also on getting the basics right,” says David. “While AI-driven analytics, machine learning, and advanced threat detection systems offer significant potential for real-time monitoring and proactive defence, starting with robust patch management is crucial.”

The cybersecurity challenges facing the healthcare sector are significant, but not insurmountable. While the industry grapples with legacy systems, budget constraints, and an ever-expanding digital footprint, a cure for its poor cyber posture is available.

Its prescription is a regimen of updating internal systems, applying new technologies, and a culture that values digital hygiene as much as it does hand-washing.

The road ahead may be challenging, but with concerted effort and a commitment to ongoing improvement, the healthcare industry can prepare itself for a future where it protects itself and its patients from more than just physical harm.


Cyber Magazine is a BizClik brand
