Health-ISAC Annual Threat Report Sheds Light on Healthcare Cyber Threat Landscape

April 03, 2023 - Health-ISAC released its annual threat report, providing insight into how healthcare cybersecurity experts view the current cyber threat landscape.

More than 280 executives across Health-ISAC, CHIME, and the Health Sector Coordination Council (HSCC) responded to a survey asking them to rank the top five “greatest cybersecurity concerns” facing their organizations.

Respondents identified the following as their top five threats:

1. Ransomware Deployment
2. Phishing/Spear-Phishing Attacks
3. Third-Party/Partner Breach
4. Data Breach
5. Social Engineering

Health-ISAC issued the report with the intent of influencing healthcare cybersecurity budget and investment decisions, providing a detailed overview of specific threats that face the sector.

“To protect healthcare organizations, security teams and senior leadership need to know the groups targeting the healthcare sector; the tools and methods they are using to do so; and recent successful attacks,” the report stated.

“Such knowledge is essential to formulating an effective information security and overall risk strategy that should also influence training, security roadmaps, and other facets that compose the industry’s cybersecurity posture for 2023 and beyond.”

Analysts cited the growing threat of ransomware-as-a-service (RaaS) gangs and rising geopolitical tensions as threats to pay attention to in the next year.

“The health sector is also a lucrative target for nation-state backed threat actors (also known as Advanced Persistent Threats or APTs) due to the vast amount of sensitive information organizations within this sector must safeguard, including intellectual capital, Protected Health Information (PHI), Personally Identifiable Information (PII), and informational and operational technologies,” the report continued.

Additionally, the report pointed out the importance of medical device security, which continues to be a pain point for healthcare security experts. Health-ISAC recommended that organizations mitigate medical device security risks by performing risk assessments, applying patches and updates when available, and engaging caregivers to understand safety implications and develop care contingency plans to account for cyber risk.

Health-ISAC predicted that the growing threat of product abuse and synthetic accounts would plague the healthcare industry in 2023. Web login portals and APIs remain easy targets for threat actors, and adversaries are increasingly leveraging fake accounts and credit profiles to bypass identity checks and increase their success rates.

“Although most organizations understand that threat actors can target sensitive data through access to internal systems, abuse against third-party systems, email accounts, and customer-facing products widen the scope for abuse,” the report explained.

“Customer-facing products are routinely targeted by attacks designed to extract data with crimeware that threat actors have customized to look and feel like a legitimate customer—whether a consumer, industry practitioner, or third party. Preparing for these attacks require properly aligned controls at the network, application, authentication, and risk layers to protect organizational data and reduce the risk of credential stuffing, account takeovers, carding attacks, and unhealthy account creation.”

Health-ISAC credited its member community for playing a vital role in threat sharing and improving the security of the sector together.

.