Security News

The rate of data encryption following a ransomware attack in healthcare was the highest in the last three years, according to Sophos. Only 24% of healthcare organizations were able to disrupt a ransomware attack before the attackers encrypted their data-down from 34% in 2022; this is the lowest rate of disruption reported by the sector over the past three years.

The BlackCat ransomware gang claims it breached the network of healthcare giant Henry Schein and stole dozens of terabytes of data, including payroll data and shareholder information. Henry Schein is a healthcare solutions provider and a Fortune 500 company with operations and affiliates in 32 countries and revenue of over $12 billion in 2022.

Once they gain access to a healthcare organization's system, cybercriminals can utilize AI to analyze large datasets, allowing them to gather valuable data, such as patients' personal identifiable information, for identity theft, fraud, or ransomware attacks. AI-powered attacks can exploit vulnerabilities in medical devices, compromise electronic health records, or disrupt critical healthcare services - forcing organizations to quickly revert to paper systems and human intervention for equipment monitoring or record exchanges.

Users of Mirth Connect, an open-source data integration platform from NextGen HealthCare, are being urged to update to the latest version following the discovery of an unauthenticated remote code...

Please turn on your JavaScript for this page to function normally. The proliferation of connected medical devices in hospitals demands a holistic approach to cybersecurity beyond just the digital IT realm.

The average total cost of a cyberattack experienced by healthcare organizations was $4.99 million, a 13% increase from the previous year. Among the organizations that suffered the four most common types of attacks-cloud compromise, ransomware, supply chain, and BEC - an average of 66% reported disruption to patient care.

Healthcare organizations are facing many cybersecurity challenges that require them to increasingly prioritize cybersecurity and compliance, according to Claroty. Like many other critical infrastructure organizations, healthcare delivery organizations are becoming increasingly interconnected as they adapt to the reality of digital transformation.

While H1 2023 saw an encouraging decrease in the overall number of data breaches impacting healthcare organizations, it was overshadowed by large-scale breaches resulting in a significant increase in the number of individuals affected, which reached record levels, according to Critical Insight. Notably, the report revealed a decrease in total breaches but an increase in the number of individuals affected; the focus of attacks on the supply chain and third-party associates; and, particularly noteworthy, the shift in some attackers' strategies from encryption to extortion.

While some ransomware operations claim not to target hospitals, one relatively new ransomware gang named Rhysida doesn't seem to care. We also saw additional reports on ransomware about TargetCompany, code leaks impacting the RaaS ecosystem, and a new threat actor using a customized version of Yashma ransomware.

After nearly two decades of my career leading a cybersecurity office, people, vendors, stakeholders and budgets in public health administration as well as in the private healthcare sector, I find that the industry is particularly vulnerable to cyberattacks. Healthcare organizations have experienced a spike in attacks often due to inadequate security, the high likelihood to quickly consort to attackers' payout demand, and sheer value of patient records that they possess.