AI, Ransomware Remain Prevalent in Evolving Cybersecurity Landscape

The latest Trustwave SpiderLabs report highlights generative AI, ransomware, and IoT exposure as key threats shaping healthcare's evolving cybersecurity landscape.

By Sarai Rodriguez

Healthcare organizations face an uptick in cyber threats, as malicious actors turn to tools like ransomware, artificial intelligence (AI), and Internet of Things (IoT) attacks. These threats are becoming increasingly significant in the dynamic cyber threat landscape, a Trustwave SpiderLabs report revealed.

The report, "Cybersecurity in the Healthcare Industry: Actionable Intelligence for an Active Threat Landscape," provides insights and practical strategies to address the specific threats faced by healthcare organizations.

Notably, breaches of personal health information (PHI) are on the rise, with more than 28.5 million healthcare records compromised in 2022, a jump from 21.1 million in 2019, as reported by the US Department of Health and Human Services.

The financial repercussions of a data breach in healthcare are also markedly higher than in other sectors. Data from IBM indicates that the average cost of a healthcare data breach in 2022 stood at $10.1 million, surpassing the overall industry average of $4.4 million by a considerable margin.

Furthermore, the implications of cyberattacks extend beyond financial damages. The healthcare sector's sensitive nature translates into potentially severe outcomes in the event of breaches. Motivated by financial gains, threat actors are continuously adapting their methodologies, striving to stay one step ahead.

Interestingly, despite the dynamic nature of these cyberattacks, the underlying tactics are consistent. Traditional methods like phishing, exploiting known vulnerabilities, and compromising third-party vendors persist as substantial threats even while new threats emerge.

Advanced technologies like generative AI and large language models (LLMs) being brought into healthcare processes have introduced new risks, including intricate social engineering attacks, internal data breaches, and vulnerabilities via third-party vendors.

Third-party vendors, often crucial to healthcare operations, can be particularly precarious, as the use of generative AI and LLMs in their products could lead to potential loss of control over patient data. To counter these risks, healthcare organizations should evaluate security solutions capable of detecting AI-generated threats and implement robust data usage and sharing policies.

Meanwhile, ransomware attacks are escalating. Cybercriminals exploit system vulnerabilities to encrypt vital patient data and demand ransoms, often using double-extortion tactics. The most prevalent ransomware groups targeting healthcare today are LockBit 3.0, ALPHV/BlackCat, and Clop, as noted by Trustwave SpiderLabs.

Organizations are advised to routinely conduct mock phishing tests, implement secure password practices, and utilize vulnerability assessments. These preemptive steps provide a robust defense against cyberattacks.

Healthcare's increasing interconnectedness via Internet of Things (IoT) devices adds another layer of complexity.

The discovery of two reflected XSS vulnerabilities in third-party software for Canon Medical's Vitrea View exemplifies the risks associated with third-party vendors and IoT devices. In this case, exploitation of these vulnerabilities could allow unauthorized access to patient information, stored images, and scans, or potentially the manipulation of data.

An IoT vulnerability was also found in the Sinilink Wi-Fi-connected thermostat, further emphasizing the urgency for IoT system developers to establish robust and secure protocols.

Despite the threats, it's clear that advances in AI and digital technologies are here to stay. The challenge for healthcare organizations lies in governing the use of these tools effectively while avoiding wide-ranging prohibitions.

The report offers a set of actionable recommendations to manage and mitigate risks. These include conducting regular audits of all applications in the system to prevent the unintentional introduction of vulnerabilities through custom applications. A detailed whitelist of applications on selected hosts is also suggested to reduce exposure and thwart malicious actors from infiltrating harmful commands through seemingly legitimate applications.

Furthermore, tightening restrictions on privileges can safeguard against unauthorized execution of varying shells from unprivileged sources. These are pragmatic steps that healthcare organizations can adopt to secure their systems, demonstrating an understanding that vigilance and proactivity are key in today's intricate threat landscape.