Why are healthcare systems such an easy target?
We all know that cybersecurity threats are shape-shifting, but when it comes to the highly targeted, high-grade recent attacks on healthcare, there are surefire lessons to be learned.
This is for good reason: Critical incidents are in freefall.
From laboratory service providers in London to 140 hospitals across 19 states in the U.S., procedures for patients have been canceled and rescheduled in the last few weeks due to ransomware attacks.
Attack after attack makes it clear that the true malaise at the core of these attacks is ransomware. So, what key threat trends do CISOs need to be mindful of?
Medical-grade breaches result in casualties all around
Ransomware gangs and relentless attacks go hand in hand. But within these unrelenting blitzes on government and private healthcare systems, key patterns are emerging.
The Black Basta ransomware group is making waves with its influential ransomware tactics, and CISOs should be aware of key patterns. What once was considered a hands-off target is now very much on the menu.
Take the Black Basta strategy.
It primarily targets U.S. victims, having infected 500 organizations globally as of May 2024 (CISA released this advisory note last month). With identified ransom earnings surpassing $107 million, Black Basta ranks among the world's leading ransomware profiteers over the past two years, standing shoulder to shoulder with notable big names like LockBit, Conti and Hive.
What sets Black Basta's strategy apart from these other key players is that it targets higher ransomware payouts, which goes hand in hand with its aggressive targeting of the healthcare sector in 2024. There is so much more at risk when it comes to excessive amounts of PII patient data, and therefore so much more to squeeze out in terms of ransom payouts.
CISA has advised the healthcare industry to take note of their approach: “Healthcare organizations are attractive targets for cybercrime actors due to their size, technological dependence, access to personal health information and unique impacts from patient care disruptions.”
CybelAngel’s take on ransomware trends to watch closely in 2024
In 2023, CybelAngel identified and tracked 62 active ransomware groups involved in over 5,000 known and reported attacks across 132 countries.
Here are the key incident management trends you need to know to protect your company.
- Ransomware incidents are underreported: More companies opt to pay the ransom and assume the associated risks instead of addressing the underlying problems and identifying the vulnerabilities in the first place. Take notes! To significantly reduce this threat, be proactive with your cybersecurity strategy.
- Data, cloud shares and database exposure are the target: As Ransomware-as-a-Service (RaaS) gains popularity, attackers are exploring methods, such as data alteration and leveraging increased computing power, in their ransomware attacks. What CISOs should be doing is prioritizing external attack surface management to secure their data. Find out if your business is at risk of ransomware by requesting a free exposure scan.
- New tactics include double extortion: Hackers are now making backups of the data they steal and threatening to make the information public as well. This forces companies to pay a “double ransom” to retrieve their systems and avoid having confidential information leaked, doubling the cost of a data breach, while also complicating the disaster recovery process. CISOs should enter the lair of the cybercriminal with a solid Dark Web Monitoring solution to ensure that dark web strategies are not focusing on their company.
With this in mind, what practical tips can CISOs rely on as these threats evolve?
Where Can CISOs Get an Edge on These Threats?
Here are the recommendations that CISA endorses for mitigating these threats leveled at the healthcare industry.
- Install updates for operating systems, software and firmware as soon as they are released.
- Require phishing-resistant multi-factor authentication (MFA).
- Implement recommendations, including training users to recognize and report phishing attempts.
- Secure remote access software by applying mitigations.
- Make backups of critical systems and device configurations.
There are also encouraging trends in dealing with ransomware attacks.
According to CybelAngel data, organizations that relied on physical backups had a notable edge, with 45% of them rebounding from attacks within just a week. In contrast, only 39% of those opting to pay the ransom saw recovery in the same period. Allocating funds toward proactive services that pinpoint vulnerable data points could represent a mere fraction of the average annual recovery expenses, costing less than 8%.
Can your external attack surface be protected against ransomware attacks?
Cybersecurity leaders at the top of their game lead best when they can seamlessly defend and monitor enterprise priorities. But to do that in their increasingly multifaceted role, they need external visibility to monitor the deep and dark web.
Enter CybelAngel, an EASM tool that allows you to protect your business and secure your digital activities against cyberattacks and cyber breaches.
Find out more about how CybelAngel can help defend your business against cyberattacks.