The healthcare industry is experiencing a growing number of data breaches. Why do hackers target the healthcare industry? FireEye has published a new report that answers this question.
FireEye researchers analyzed the latest healthcare cyberattacks to identify the tactics used. The researchers classified attacks into two categories: those aimed at data theft and those posing destructive/disruptive threats.
Many attacks aim to obtain patient information, though research information can also be very valuable. Cyberattacks targeting research data pose a low, yet notable-impact, risk to healthcare companies. These attacks are frequently connected with nation-state threat actors.
Cybercriminal gangs and nation-state-sponsored hacking groups are spending time and resources to target certain healthcare companies that store valuable data. The target may be a business associate that partners with many healthcare companies, or a huge healthcare system.
Healthcare companies are vulnerable to cyberattacks because many continue to use obsolete and unsupported software and operating systems. Many cyberattacks are opportunistic and happen because healthcare providers fail to address easily exploitable flaws in their security. Nevertheless, it is increasingly common for healthcare providers to be targeted because of the volume of data they keep.
Disruptive and destructive threats, such as ransomware and wiper malware attacks, are a big problem in the healthcare industry. Nation-state threat actors and cybercriminals are carrying out attacks that affect continuity of operations.
Cybercrime activity is financially motivated and presents a high-frequency, high-impact threat to healthcare companies. These threats commonly seek personally identifiable information (PII) and protected health information (PHI), which may be used for malicious purposes such as medical identity theft, identity theft, financial fraud, and phishing attacks. The information is frequently bought and sold on darknet marketplaces.
Attacks are likewise carried out to gain access to healthcare networks, and cybercriminal groups and nation-state groups then buy that access. For instance, on Feb. 6, 2019, “Jendely” sold access to a U.S.-based medical organization on a Russian-language forum. The actor advertising the access had acquired domain administrator access to a network made up of 3,000 hosts. The access was auctioned for $9,000 to $20,000 USD.
FireEye researchers also identified attacks that involve cryptomining, malware distribution, and other extortion efforts.
Nation-state threats and cyber espionage in healthcare are moderately frequent and could have a significant impact. A number of APT groups were seen executing attacks on healthcare companies, including groups connected to China, Vietnam, and Russia. Hacktivism is uncommon in healthcare and its effect is negligible.
FireEye is also warning about the concerted effort of Chinese APT groups to access medical research information. In 2020, China is shifting to universal health coverage, so it is concerned about growing cancer and mortality rates as well as the cost of providing national medical care. Medical research could help China improve its drug research, reduce costs, and develop drugs to be released in China ahead of the U.S. companies that carried out the research.
The report (PDF) is available for download here.