Security News

The rising adoption of connected medical devices is accelerating cyberattacks, according to Capterra's Medical IoT Survey of healthcare IT professionals. Medical practices with more than 70% of their devices connected are 24% more likely to experience a cyberattack than practices with 50% or fewer connected devices.

Confidential computing aims to protect data while it's in transit, in use and at rest, combating attackers who use memory scraping to infiltrate data in use. Confidential computing has several applications within the healthcare field.

As we look to expedite applying cybersecurity to protect the field of medicine and its evolving cyber-physical nature, patient safety should be our guiding star. Healthcare organizations already understand the priority; patient safety and the Hippocratic Oath guide the work of medical professionals.

The U.S. Department of Health and Human Services warned today that Venus ransomware attacks are also targeting the country's healthcare organizations. In an analyst note issued by the Health Sector Cybersecurity Coordination Center, HHS' security team also mentions that it knows about at least one incident where Venus ransomware was deployed on the networks of a U.S. healthcare org.

Netwrix announced additional findings for the healthcare sector from its global 2022 Cloud Security Report, revealing that 61% of respondents in the healthcare industry suffered a cyberattack on their cloud infrastructure within the last 12 months, compared to 53% for other verticals. "The healthcare sector is a lucrative target for attackers because the chances of success are higher. The first two years of the pandemic exhausted the industry. With patient health being the main priority for these organizations, IT security resources are often too stretched and are focused on maintaining only the most necessary functions," comments Dirk Schrader, VP of Security Research at Netwrix.

Finally, Microsoft disclosed that Vice Society uses multiple ransomware families in attacks, including BlackCat, Quantum, Zeppelin, and a Vice Society-branded variant of Zeppelin ransomware. We also learned more information about new and existing ransomware attacks, such as an alleged 60 million LockBit ransomware demand on Pendragon, Hive claiming the attack on Tata Power, Medibank warning that the hackers accessed all customers' personal data, a ransomware attack on the Indianapolis Housing Agency, and Australian Clinical Labs disclosing that patient data was stolen.

The Dutch police have arrested a 19-year-old man in western Netherlands, suspected of breaching the systems of a healthcare software vendor in the country, and stealing tens of thousands of documents. These documents might contain sensitive personal and medical data of patients of healthcare providers using the company's systems.

Federal agencies are warning of a threat group called Daixin Team that is using ransomware and data extortion tactics to target US healthcare organizations. In a recent advisory, the Cybersecurity and Infrastructure Security Agency, FBI, and Department of Health and Human Services said the group has attacked multiple entities since at least June, deploying ransomware to encrypt data on servers used for a range of services, including electronic health records, diagnostic, imaging, and intranet services.

While knowing full well that human lives may be at stake, criminal gangs have been increasingly targeting the healthcare sector with high-impact attacks like ransomware. Healthcare providers should set up numerous layers of defense for a variety of email-borne threats.

Cybersecurity measures are increasingly failing to close gaps, and the healthcare industry, in particular, has become a high-dollar target due to limited budgets and quick ransom pay-offs. In this Help Net Security video, Maureen Kaplan, Chief Revenue Officer at SilverSky, discusses how attackers are now narrowing their focus from larger healthcare systems to smaller hospitals and specialty clinics to more easily retrieve patient data and use it for launching fraud and identity theft.