Healthcare Sector Faces Surge in Ransomware Attacks and Vulnerabilities in October

With a surge in ransomware incidents and identified security weaknesses, healthcare providers face escalating risks
Nov. 23, 2025

Key Highlights

  • Ransomware attacks in healthcare increased by 67 percent in October, highlighting a growing threat to patient data and operational stability.
  • Numerous vulnerabilities in medical devices and industrial control systems were identified, posing risks of unauthorized access and device manipulation.
  • Many healthcare organizations lack dedicated cybersecurity teams and rely on legacy systems, increasing their susceptibility to cyberattacks.
  • The U.S. remains the most targeted country for healthcare ransomware, with threat actors shifting towards extortion over encryption.
  • The Sector Mapping and Risk Toolkit offers a strategic approach for healthcare entities to assess and mitigate systemic cybersecurity risks.

October was an alarming month from a threat perspective in the healthcare sector, Clearwater’s Dave Bailey, VP of Security Services, said in the company’s monthly cyber briefing held on November 6. There was a 67 percent increase in the number of reported and claimed ransomware attacks in October compared to September. Bailey indicated that there were no updates to the breach portal since October 1, which he attributed to the government shutdown and the database not being updated.

Bailey referenced the recent study by Proofpoint and the Ponemon Institute, which found that 72 percent of healthcare organizations experienced disruptions to patient care due to cyberattacks such as ransomware and cloud breaches. This, he said, underlined the range of impacts from cyberattacks. “These attacks continue to disrupt operations, delay patient care, and expose millions of records.”

Bailey highlighted the 30 advisories released by CISA in October, related to vulnerabilities in industrial control systems and medical devices. Vulnerabilities such as out-of-bounds writes, missing authentication, and OS command injections were found across various vendor products. According to Clearwater, these weaknesses pose a direct threat to the security and reliable operation of affected medical devices. Furthermore, the identified vulnerabilities have a high potential for exploitation by malicious actors, which could lead to unauthorized access, data manipulation, denial-of-service attacks, or even direct harm to patients through compromised device functionality.

Data theft is the critical component, Bailey noted. “We are starting to see many of these groups abandoning the encryption and just going to the extortion aspect of it.” Bailey added, “While there may be global trends of ransomware that are trending downward, there is a geographic concentration of increased ransomware activity. The U.S. remains the top country with the highest number of ransomware attacks on healthcare organizations.” “We are leading that trend globally. The sector is under attack.”

Bailey indicated that vulnerable health systems may lack dedicated cybersecurity teams. They heavily depend on unsafe, unsegmented, and legacy systems, and they also handle a very high volume of patient data, he stated.

Bailey encouraged the audience to explore the Sector Mapping and Risk Toolkit published by the Cybersecurity Working Group. The tool provides templates and a methodology to visualize and assess systemic risks from third-party technology, software, and communications.

About the Author

Pietje Kobus

Pietje Kobus has an international background and experience in content management and editing. She studied journalism in the Netherlands and Communications and Creative Nonfiction in the U.S. Pietje joined Healthcare Innovation in January 2024.
