Top Healthcare Cybersecurity Predictions For This Year

January 04, 2024 - As the new year begins, the healthcare sector will undoubtedly continue to grapple with a significant volume of cybersecurity threats and challenges.

The year 2023 saw record-breaking data breach figures, with more than 540 organizations and 112 million individuals being implicated in healthcare data breaches last year, compared to 590 organizations and 48.6 million impacted individuals in 2022.

Amid increasing threats, emerging technology such as generative AI also pose unique challenges to the sector. HealthITSecurity heard from several healthcare cybersecurity experts about their predictions for the year ahead, considering what the sector endured in 2023.

AI Will Remain a Top Emerging Concern, Opportunity

AI presents unique opportunities to automate healthcare processes and improve data analysis, but it also poses uncharted security challenges.

“AI isn’t going anywhere, presenting a huge opportunity to lean into this technology to relieve healthcare provider burnout and improve clinical outcomes, meanwhile also opening up the industry to new risks,” said Carley Thornell, healthcare industry strategist at Akamai.

“For example, phishing campaigns, which have long been highly prevalent in healthcare and life science are becoming increasingly sophisticated with the prevalence of generative AI tools like ChatGPT.”

In 2023, the HHS Health Sector Cybersecurity Coordination Center (HC3) even issued a threat brief to warn the sector of the risk of AI-assisted attacks.

“As the healthcare industry incorporates and innovates solution stacks with Generative AI, so will its adversaries,” noted Mohammed Waqas, CTO, healthcare at Armis.

“AI will help to advance patient care, but we will also start seeing the technology being leveraged increasingly to drive more frequent, sophisticated attacks. It will be crucial in the new year that security and AI pros expedite their own use of the technology, its governance and security in order to better protect their organizations in light of this evolving threat.”

HC3 recommended that healthcare organizations leverage the National Institute of Standards and Technology (NIST) Artificial Intelligence Risk Management Framework (AI RMF) and MITRE ATLAS, a knowledge base of adversary tactics and techniques targeting AI systems.

Going forward, HC3 urged healthcare organizations to “expect a cat-and-mouse game.”

Sophisticated Cyber Threats Will Continue to Impact Healthcare

In addition to emerging AI-assisted threat tactics, ransomware will continue to impact the sector, experts agreed. In 2023, the majority of data breaches reported to HHS were attributed to hacking.

“While Ransomware as a Service (RaaS) and ‘simpler’ ransomware attacks will continue to target the industry, we will see a rise in much more complex ransomware and other cyberattacks that target particularly the largest healthcare providers,” Waqas predicted.

Bevan Read, senior threat researcher at the Trellix Advanced Research Center, also suggested that threat actors would find innovative new ways to target victims in 2024.

“As ransomware groups are primarily financially-driven, it’s unsurprising to see them find new ways to extort their victims for more money and pressure them to pay the ransom,” Read stated.

“We are starting to see ransomware groups contact the clients of their victims as a new way to apply pressure and combat recent ransomware mitigations. This allows them to ransom the stolen data not only with the direct victim of their attack, but also any clients of the victim who may be impacted by the stolen data.​”

Read predicted that ransomware groups would continue to target organizations that handle sensitive information, such as the healthcare sector, in order to gain leverage over victims.

Software Supply Chain Security Will Prove Crucial

If the past year was any indication, threat actors will continue to target vendors across the software supply chain in 2024. In 2023, hundreds of organizations were impacted by the large-scale exploit of Progress Software’s MOVEit Managed File Transfer (MFT) solution.

“Furthermore, the complexity of MFT systems and their integration into the internal business network often creates security weaknesses and vulnerabilities that can be exploited by cybercriminals. [W]e saw the Cl0P group exploiting the Go-Anywhere MFT solution and the MOVEit breach – turning one successful exploit into a major global software supply chain breach,” said John Fokker, principal engineer at the Trellix Advanced Research Center.

“In the next year, we expect these types of attacks only to increase, with participation from numerous threat actors. Organizations are strongly advised to thoroughly review their managed file transfer solution, implement DLP solutions and encrypt sensitive data at rest to protect themselves.”

As organizations around the world continue to deal with the fallout of the MOVEit breach, they will have to rethink how they secure these tools.

“MFT solutions play a critical role in modern business operations, with organizations relying heavily on them to facilitate seamless data sharing both internally and externally,” said John Fokker, principal engineer at the Trellix Advanced Research Center.

“Any disruption or compromise of these systems can lead to significant operational downtime, tarnished reputations, and financial losses. This makes them highly attractive targets for cybercriminals who are aware of how the potential impact enhances the potency of their extortion demands.​”

While it is impossible to know for sure what is in store for healthcare cybersecurity in 2024, experts agreed that the threat landscape would continue to evolve, requiring fresh approaches from healthcare defenders.