HC3 Outlines History of Healthcare Cybersecurity From 1980s to Now

HC3 issued a comprehensive history of major healthcare cybersecurity events spanning from the 1980s to today in order to inform future defense strategies.

By Jill McKeon

As organizations navigate the complexities of the current cyber threat landscape, it is important to take a step back and look at how healthcare cybersecurity has evolved over time. Following this notion, the Health Sector Cybersecurity Coordination Center (HC3) released a comprehensive brief outlining the history of major healthcare cybersecurity events over the past few decades and predictions for what lies ahead.

Cybercrime has existed for decades, but today’s healthcare cyber threat landscape consists of more sophisticated and effective threat actors than ever before. Supply chain attacks, phishing, remote desktop protocol (RDP), and open-source software compromise all pose significant threats to the healthcare sector.

The first-ever ransomware attack occurred in 1989 and was centered around healthcare, HC3 noted. Biologist Joseph Popp distributed 20,000 trojanized floppy disks at the World Health Organization AIDS conference in Stockholm, Sweden. The disks installed malicious code and eventually demanded $189 from victims in order to regain access to their systems.

But the first truly significant healthcare cybersecurity event occurred in 2014, when Anonymous attacked the Boston Children’s Hospital with distributed denial-of-service (DDoS) attacks. Through 2015 and 2016, threat actors launched a few other notable attacks against healthcare organizations, accessing protected health information (PHI) and demanding ransoms. These types of attacks occur almost daily in today’s cyber threat landscape. 

In May 2017, WannaCry made headlines when it infected 200,000 systems across 150 countries, including 70,000 British National Health Service (NHS) systems, HC3 continued.

In 2019, high-profile cyberattacks against the healthcare sector began increasing. Ryuk ransomware targeted 400 dental offices via a compromised managed service provider in August, and a ransomware attack aimed at Campbell County Health in Wyoming led to ambulance diversions and canceled surgeries.

Fast-forward to 2020, and ransomware has become an epidemic. Researchers noted spikes in COVID-19-related phishing scams, and McAfee observed an average of 375 COVID-themed cyber threats per minute in Q1 2020, HC3 continued.

In December 2020, the SolarWinds attack occurred and impacted thousands of organizations globally. Cyberattacks remained a primary cyber threat in healthcare in 2021, HC3 observed. Clop ransomware compromised Accellion, causing one of the largest healthcare data breaches of the year. CaptureRX and Scripps suffered high-profile cyberattacks in May 2021.

Also in May, the Colonial Pipeline cyberattack occurred and brought international attention to critical infrastructure security. The Colonial Pipeline attack impacted thousands of miles of the US fuel supply chain and pushed President Biden to issue an executive order on improving the nation’s cybersecurity.

The May 2021 cyberattack on the Irish Health Service Executive (HSE) devastated the HSE’s systems and served as a cautionary tale for healthcare organizations worldwide.

Avaddon, BlackMatter, and REvil/Sodinokibi ransomware groups posed major threats to the healthcare sector in 2021 as well. The year ended with the discovery of the Apache Log4j vulnerabilities, which sparked cybersecurity concerns across all sectors.

“What does all this mean for healthcare cybersecurity for 2022 and beyond?” HC3 asked.

HC3 reasoned that these existing trends will continue into 2022, and healthcare organizations should prepare by implementing technical safeguards.

Specifically, HC3 recommended focusing on defending against phishing and locking down remote access technologies. In addition, healthcare organizations should prioritize vulnerability management and operate with cyber resilience in mind. Organizations should protect their internal infrastructure, but also put more emphasis on protecting the supply chain and individual software components.

Most importantly, healthcare entities should remember that “the cybercriminal ecosystem is resilient,” and that “as long as there are victims to compromise, there will be someone willing to try.”