In today’s world, IT operations are becoming more and more decentralized. And this shift makes things particularly complicated for those in the healthcare sector, like health clinics, nursing homes, and other healthcare providers.
On one hand, we have an improved patient experience. Patients can now get healthcare services from the comfort of their own homes, and healthcare providers can monitor and manage patient well-being remotely. But this has become a double-edged sword.
The very advancements that empower healthcare providers to extend their reach and improve patient experiences also create a broader attack surface for cyber threats.
In this blog, we’ll dive into the current threat landscape in healthcare and offer up some defense strategies to guide healthcare entities in strengthening their cybersecurity posture.
Understanding the Threat Landscape
Healthcare has become a prime target for cyber threats. And it seems like every cybercriminal wants a piece.
In the last few months alone, we’ve seen a rise in ransomware attacks targeting hospitals and the healthcare industry experiencing a 167% increase in advanced email attacks. Not only do these threats pose financial risks, but they’re also causing tangible harm to patient care. A prime example of this is a recent ransomware attack that diverted ambulances from hospitals.
What’s worse, the healthcare sector faces threats that go beyond extortion to hacking and leaking sensitive patient data. The emergence of hack-plus-exfiltrate tactics, as witnessed in incidents like the one in Finland, raises concerns about the privacy and security of patient information.
State-sponsored entities, often referred to as advanced persistent threats (APTs), also add another layer of complexity. The infamous Anthem intrusion of 2015 exposed the personal information of nearly 80 million individuals, showcasing the global reach and motivations of state-sponsored adversaries.
As the healthcare industry holds more valuable data—including personally identifiable information (PII), protected health information (PHI), or intellectual property related to medical devices and pharmaceuticals—it remains a consistent target. And it’s clear that attackers have thrown out their moral code to target lucrative industries like healthcare, which is having a direct impact on patient outcomes.
Evolving Adversary Tradecraft
Before we can dive into how to counteract these threats effectively for the healthcare sector, it’s important to understand the evolving techniques and tradecraft of today’s adversaries.
Hackers are mastering the art of disguise. They’re getting better at blending into normal IT operations, making detection even more challenging. As we found in our SMB Threat Report, threat actors are attempting to hide within the noise of legitimate network operations and exploiting built-in system functionality for malicious purposes in their intrusions.
In some cases they’re relying on custom malware (44% of intrusions), but we’re also seeing a significant amount of non-malware tactics, like living-off-the-land binaries (LOLBins) and abuse of existing scripting frameworks, which together make up 56% of intrusions.
With these “malware-free” approaches, that means simply relying on spam filters or anti-malware solutions just isn’t going to cut it anymore. It’s going to be much more important to have visibility across the entire environment, not just on the perimeters, to reveal the threats that are hiding in plain sight.
Along the same lines, adversaries are also operating like "wolves in sheep's clothing," utilizing legitimate applications for malicious purposes to evade detection. For example, take how threat actors are abusing remote monitoring and management (RMM) software.
RMM tools—often legitimately used by managed service providers and IT teams to monitor devices across a network—are being exploited by threat actors as alternative command and control mechanisms. We see that in 65% of incidents, RMM and remote control tools were hijacked by adversaries.
This shift from custom tooling to leveraging widely available tools makes it challenging to weed out legitimate from malicious activity.
Building a Resilient Defense for Healthcare Security
In the healthcare industry, where the stakes are exceptionally high, the traditional approach of building large walls and relying on perimeter defenses is no longer sufficient. You must adopt a more proactive, defense-in-depth approach.
A defense-in-depth approach involves creating multiple layers of security defenses to thwart attacks at every stage.
There’s no single layer of security that’ll keep you protected. To solve for this, a defense-in-depth approach involves creating multiple layers of security defenses to thwart attacks at every stage. When you group a series of defenses together—like intrusion prevention, data encryption, threat detection, patch management, etc.—you effectively close the holes that one single solution can’t address.
Pro Tip: Using the NIST Cybersecurity Framework is a great place to start. This framework is designed to help organizations secure their critical infrastructure and improve their ability to identify, prevent, detect, respond, and recover from cyber incidents.
Also, visibility is going to be key for effective defense. And with a layered approach, there are some key tools and solutions that can help provide this visibility, such as:
- Host monitoring
- Endpoint detection and response (EDR)
- Network monitoring
Outside of these tools, there are some actionable steps you can take to level up your cybersecurity posture and stay ready against the threats that are targeting the healthcare sector:
- Security Awareness Training Programs: Educate healthcare staff on the latest security best practices. Regular training sessions can empower employees to be the first line of defense against cyberattacks, and they equip them with the knowledge to make secure decisions.
- Risk Assessments: Take the time to evaluate potential risks to your organization's cybersecurity. This involves identifying vulnerabilities and where you may have gaps in your current protection. From there, you can develop strategies or seek out tools or partnerships to address these gaps.
- Incident Response Planning: Be prepared when the worst happens. A predefined and pressure-tested incident response plan can work wonders in minimizing the impact of a cyberattack. This includes clear protocols for identifying, containing, and mitigating security incidents.
All in all, as healthcare embraces even more advancements, doubling down on cybersecurity is going to become a non-negotiable. By understanding the specific threats you face and adopting proactive defensive strategies, healthcare providers can safeguard patient well-being, uphold data integrity, and stay one step ahead of adversaries.