Healthcare faces triple cyber threat, says FireEye

Criminal and nation-state cyber attackers are increasingly targeting the healthcare industry to steal data, carry out espionage and cause disruption, a report reveals

The healthcare sector faces a range of threat actors and malicious activity that can be grouped into three main goals, say researchers at security firm FireEye, who urge the industry to gear up to bolster its cyber defence capabilities.

Due to the critical role that the health sector plays within society and its relationship with patients’ most sensitive information, the risk to this sector is especially consequential, according to FireEye’s report, Beyond compliance: Cyber threats and healthcare.

In targeting the sector, cyber criminals are seeking to steal personally identifiable information (PII) and protected health information; nation states carry out intrusions to steal valuable research and mass records for intelligence-gathering purposes; and disruptive threats such as ransomware have the potential to wreak havoc among hospital networks and impact the most critical biomedical devices and systems, the report said.

To move beyond compliance with current regulations and address the ever-changing threat landscape, the report recommends that healthcare organisations use threat intelligence to understand these threats as they continue to evolve, and minimise risks appropriately.

Focusing on data theft, the report said financially motivated threat activity represents a high-frequency, high-impact threat to healthcare organisations. Cyber crime actors may conduct focused intrusions into specific targets that house, or have access to, valuable patient records and data, or carry out opportunistic targeting of poorly secured organisations and networks.

As well as directly selling data stolen from healthcare organisations, cyber criminals also often sell illicit access to these organisations in underground markets, the report said.

This activity, the report warned, can enable other actors to perform post-exploitation activity, such as obtaining and exfiltrating sensitive information, infecting other devices in the compromised network, or using connections and information in the compromised network to exploit trust relationships between the targeted organisations and other entities to compromise more networks.

Alongside data theft by cyber criminals, cyber espionage campaigns pose a lower-frequency, but still noteworthy impact risk to healthcare organisations, particularly those focused on cancer research, the report said.

“Much of what FireEye has observed from such threat actors – particularly those with a nexus to China – appears to be driven by an interest in acquiring medical research and collecting large data sets of information, potentially for the purposes of fostering intelligence operations,” it said.

In addition to the theft of data, criminals and nation states continue to present a threat to continuity of operations for healthcare providers through targeted activity such as ransomware and widespread nation state-originated threats such as WannaCry, which pose threats to poorly secured infrastructure.

“Ransomware or extortion campaigns are likely to be perceived as especially useful against this sector, as they could limit access to patient or health information or disrupt critical care, potentially leading to an increased success rate and higher payouts for actors,” the report said.

Similar to operational technology (OT) networks within critical infrastructure, security organisations within healthcare providers face difficulties in maintaining visibility of threats targeting these systems, said the FireEye researchers.

“Looking forward, the increasing number of biomedical devices used for critical functions within hospitals and healthcare providers presents a growing security challenge,” they added.

Because of the wealth of data that healthcare providers hold, breaches and compromises can have far-reaching consequences for consumers, and the valuable research being conducted within some of these institutions continues to be an attractive target for nation states seeking to leapfrog their domestic industries, the report noted.

“Looking forward, as biomedical devices increase in usage, the potential for them to become an attractive target for disruptive or destructive cyber attacks – especially by actors willing to assume greater risk – may present a more contested attack surface than today,” the report concluded.
