HC3 Guidance Explores Cyber Threat Actors Targeting Healthcare

June 12, 2023 - The Health Sector Cybersecurity Coordination Center (HC3) issued an educational brief regarding the types of cyber threat actors that target healthcare. Learning the motivations and tactics of these threat actors can help defenders better prepare for cyberattacks.

HC3 defined cyber threat actors as “malicious groups or individuals who aim to exploit weaknesses in an information system, or to exploit its operators to gain unauthorized access to or otherwise affect victims’ data, devices, systems, and networks.”

“They pursue their objectives by exploiting technical vulnerabilities, using social engineering, and by creating, disseminating, or amplifying false or misleading content online to influence individuals’ behavior and beliefs,” the brief continued.

Healthcare is an especially lucrative target due to the fact that health data is valuable on the dark web. For patients and healthcare organizations, this heightens the risk of identity theft, insurance fraud, and legal ramifications.

HC3 provided detailed descriptions of various types of cyber threat actors, including cybercriminals, hacktivists, nation-state actors, cyberterrorists, script kiddies, and insider threats.

Cybercriminals are threat actors that target organizations in the hopes of disclosing compromised data for financial or personal gain. While cybercriminals operate as individuals or in a group for their own benefit, cyberterrorists take things further by targeting systems to disrupt or destroy critical services of a specific sector or nation.

“They are different from cyber-criminals because of their motivation: criminals are motivated by the reward, while terrorists act because of the possible effects,” the brief stated.

On the other hand, hacktivists are individuals who target government entities or organizations within countries that they see as “enemies.” Typically, a hacktivist’s goal is to cause reputational harm to their targets. Examples of hacktivist groups include Lapsus$ and KillNet, both of which have targeted the healthcare sector in the past.

Meanwhile, nation-state actors are individuals or groups that sponsor threat groups so they can launch attacks against foreign governments to advance their geopolitical objectives. Nation-state actors often engage in espionage against governments, disrupting critical systems, and building networks of compromised devices to further their efforts.

HC3 also noted the prevalence of “script kiddies,” who use well-known techniques to exploit weaknesses and launch unsophisticated attacks. These attacks are often motivated by a desire to create chaos, have fun, or seek attention.

“Their attacks are random and with little understanding of the tools they are using, how they work, and the harm they cause,” HC3 added.

Lastly, insider threats may pose a risk to healthcare organizations. Insider threats may be careless or negligent workers, but they also could be disgruntled employees or inside agents.

Cyber threat actors across the board use tactics such as social engineering, distributed denial of service (DDoS) attacks, vulnerability exploits, and ransomware to compromise data and ultimately cause harm to healthcare organizations and their patients. Defending against these threats requires a robust set of cybersecurity controls and a reliable incident response plan.