Cyber Threats in Healthcare? Yes, You Are at Risk!

By Errol S. Weiss, Chief Security Officer at Health-ISAC

Picture it: You’re on your way to the emergency room near your home when, suddenly, the ambulance changes direction. The driver has been redirected to the next-closest hospital—30 miles away. Why? Your local hospital was just hit with a ransomware attack and the IT systems are down, leaving the staff scrambling and unable to accept new patients.

Sounds like fiction, right? Unfortunately, ransomware is the number-one threat that concerns cybersecurity professionals in the healthcare sector. And for good reason. Ryuk, just one of many ransomware variants, has been linked to more than 200 attacks impacting hospitals, public health departments, nursing homes, and patient care facilities around the world since 2018.

The attacks resulted in the loss of IT systems that support modern hospitals. That loss meant cancelled surgeries, delayed medical care, and more consequences. Hospitals reported revenue losses of nearly $100 million due to Ryuk infections. The attacks also caused an estimated $500 million in response costs, such as ransomware payments, digital forensic services, security improvements, and upgrades for impacted systems.

Ryuk attacks have:

• Forced ambulances to divert, causing a 90-minute delay in emergency patient services
• Disrupted delivery of chemotherapy treatments for cancer patients
• Forced hospitals to cancel elective procedures
• Caused delays in reporting of laboratory results
• Caused delays in scheduling appointments for maternity and oncology patients
• Caused more than three weeks of downtime for electronic health record systems
• Impacted systems at nursing homes, making patient records unavailable and preventing pharmaceutical orders
• Leaked sensitive patient data including treatments, diagnoses, and other information for hundreds of thousands of people

That's the ransomware nightmare. But there's more.

In the fourth quarter of 2021, Health-ISAC completed a survey and ranked the top five “greatest cybersecurity concerns” facing healthcare organizations:

1. Ransomware Deployment
2. Phishing/Spear-Phishing Attacks
3. Third-Party/Partner Breach
4. Data Breach
5. Insider Threat

While cyber criminals looking to monetize their attacks are certainly a large threat vector, let's not forget about nation-state actors. Nation-state threats against the healthcare sector continue to increase in impact and scope. Many of the attacks are sophisticated and difficult to detect. Nation-states have long-term intelligence collection goals and operate with extreme caution and patience toward their objectives.

During the early days of the COVID-19 pandemic, nation-state threat actors used cyber espionage to gather treatment and vaccine research in the hopes of protecting their own populations. While many countries engage in sophisticated cyberattacks, including espionage and theft of intellectual property, some use ransomware and destructive malware attacks to obtain cash. As circumstances such as global sanctions continue to impact the economic conditions in these countries, US currency becomes highly useful to enable underground trade.

For more details about the cyber threat landscape in healthcare, read the full report: Current and Emerging Healthcare Cyber Threat Landscape Executive Summary. And don’t miss my session, Scoping the Cyberthreat Landscape, on Monday, October 10 at AHIMA22 in Columbus.