Healthcare industry targeted by cybercrime
Published On: April 15th, 2024 | 5 min read | Categories: Healthcare

It’s All About the Data

The healthcare industry has proven an irresistible target for cyberattacks. In 2023, there were 136 publicized attacks, a 134% increase from the year before.

But why is the healthcare industry targeted so frequently?

Two factors drive this: the sensitive data the industry maintains and its large attack surface. At the most basic level, healthcare organizations possess troves of highly valuable and sensitive data. These include detailed medical records, financial information, and other personally identifiable patient details that can be exploited or sold at a premium by attackers.

The digitization of health records and services has vastly expanded the attack surface available to cybercriminals. Many healthcare systems rely on aging legacy technologies and outdated software, which are especially susceptible to malicious attacks.

Exacerbating this, the COVID-19 pandemic forced the rushed adoption of digital and remote healthcare delivery, often without proportional investments in cybersecurity. Consequently, attacks have surged as criminals actively attempt to exploit vulnerabilities.

Most alarmingly, a tactic called “image extortion” has emerged, in which attackers encrypt sensitive patient scans and medical images and threaten to release them unless ransoms are paid. The resulting reputational damage to healthcare institutions and psychological distress caused to patients compound the violation of patient privacy.

Notable Attacks and Their Impacts

Most ransomware attacks on healthcare facilities, organizations and networks cause significant disruption to daily functionality. Over the past few years, a number of high-profile incidents have made headlines because of their consequences and fallout.

One significant attack targeted Prospect Medical Holdings, a healthcare organization with 16 hospitals, 11,000 affiliated physicians, and 18,000 employees. The attack, which began on August 3, caused widespread disruption to both inpatient and outpatient operations.

The Rhysida ransomware gang claimed responsibility. The attackers accessed systems from July 31 through August 3, and the affected personal and health information included names, addresses, diagnoses, lab results, medications, treatment information, and in some cases, social security numbers, driver’s license numbers, and financial information.

In another notable incident, the REvil group targeted a prominent UK-based cosmetic surgery clinic, called The Hospital Group, threatening to release intimate photos of celebrities and patients. They claimed to have acquired 900 gigabytes of patient photographs, affecting individuals who had endorsed the clinic, including public figures and reality TV stars.

Deaths Attributed to Ransomware

While it’s challenging to directly link ransomware to fatalities, there have been instances where cyberattacks on medical facilities have disrupted operations, leading to life-threatening treatment delays.

One such case involves the Springhill Medical Center in Alabama, where a ransomware attack significantly impacted hospital operations. During the cyberattack, vital IT systems were disabled, including those monitoring fetal heart rates. This resulted in a tragic situation where a baby, born under distress with the umbilical cord wrapped around her neck, suffered severe brain damage, and sadly passed away nine months later. The baby’s mother filed a lawsuit alleging that the attack prevented healthcare providers from accessing crucial data, which could have led to a quicker decision to perform a cesarean section and potentially saved the baby’s life.

Another incident occurred at the Düsseldorf University Clinic in Germany. A patient died due to a treatment delay caused by a ransomware attack. The hospital’s IT systems were encrypted, leading to a critical care delay as the patient had to be transferred to another hospital. In an unusual turn of events, the attackers withdrew their demand and provided a decryption key after the police explained the situation. However, the delay had already resulted in fatal consequences. This case is considered the first death directly linked to a ransomware attack on a healthcare facility.

HIPAA Compliance and Cybersecurity

Anti data exfiltration (ADX) technologies such as BlackFog serve as a significant asset for comprehensive HIPAA risk management and compliance. By preventing unauthorized access, use, or disclosure of protected health information (PHI), BlackFog directly meets core HIPAA Security Rule requirements:

Access Control and Audit Controls (164.312(a)(1) and 164.312(b)): BlackFog enforces specific access controls and generates thorough audit logs that track access to PHI. It also detects policy violations or potential breach incidents.

Risk Analysis and Risk Management (164.308(a)(1)(ii)(A) and 164.308(a)(1)(ii)(B)): BlackFog monitors endpoint activity and behaviors, utilizing analytics to identify risks to PHI and enable proactive mitigation in line with HIPAA risk management requirements.

Additionally, as an extra security layer that works in conjunction with antivirus tools, BlackFog addresses critical gaps, such as data exfiltration, often left unmanaged in healthcare environments.

Through multilayered monitoring, management, and behavioral analytics aimed at stopping data exfiltration, BlackFog stops the principal data security threat vector. This helps covered companies demonstrate systematic PHI safeguards, as mandated by HIPAA. By doing this, healthcare institutions may keep patients’ trust while averting costly and disruptive security problems.
