Executive Summary
Over the past several years, cybersecurity attacks targeting the healthcare industry have continued on an upward arc. These attacks are occurring alongside two worrying trends. First, the attack surface has expanded with electronic health records and more use of connected medical devices (e.g., the Internet of Medical Things, or IoMT). Secondly, adversaries have recognized the potential of exploiting older software tied to operational health technology that can be difficult to patch for vulnerabilities, such as compromising an X-ray or MRI machine.
In 2020, reports indicated that cyber-attacks on the healthcare industry more than doubled from 2019, with ransomware accounting for 28 percent of all attacks. While previous healthcare sector cyber-attacks focused primarily on providers, from large hospital systems to smaller private practices, the COVID-19 pandemic exposed vulnerabilities in the entire healthcare sector. Attackers, especially financial cyber criminals, targeted organizations involved in COVID-19 response, such as bio-pharmaceutical companies, university-based.
The purpose of this Threat Brief is to provide an overview of threats LookingGlass has observed from our external attack surface management solution and from regular open-source research and intelligence to support our customers. Healthcare sector organizations can use this Threat Brief to understand adversary/ actor profiles, motivations/objectives, and types of threats and tactics used by adversaries targeting the sector as a whole.
At LookingGlass, we have monitored the healthcare sector since 2009. We believe that understanding one’s cyber vulnerabilities, threats, and threat actors are critical to obtaining a more accurate view of one’s risk exposure. This holistic perspective is necessary for developing incident response plans, implementing mitigations, refactoring compensating controls, and informing adversary management strategies.
