Healthcare in the Cross Hairs: Cybercriminals Have Found Another High-Value Target – Source: securityboulevard.com

Source: securityboulevard.com – Author: Bob Palmer

Here at ColorTokens, we’ve recently been engaged with a leading cancer center to improve its cybersecurity posture. After phase one of the deployment, they told us that the benefit they derived was the peace of mind that their “critical digital operations have the resilience they need to continue to seamlessly deliver patient care even if faced with an attack.” Earlier this year, we worked with a leading children’s hospital system, as well as a major hospital network, to increase their cybersecurity resilience following earlier breaches. We achieved this for our customers by deploying zero trust traffic controls using microsegmentation: controls that stop the lateral spread of ransomware inside their digital systems. These recent engagements made me think: could a trend be emerging here? I did a little digging and found that broad data surveys did indeed validate our anecdotal evidence.

Historically, financial institutions were a primary target for cybercriminals due to the potential to access sensitive accounts and financial information, including customer account details, credit card information, and payment transaction systems. In response to the increasing threats, the financial industry has invested significantly in cybersecurity technologies and processes, making them more challenging targets for criminals.  

As a result, recent statistics show that cybercriminals have turned their attention to a new opportunity: hospitals and clinical healthcare organizations. These systems have become a prime target for ransomware attacks, as they often face life-threatening disruptions that can jeopardize patient care. Healthcare organizations have often found themselves compelled to comply with ransom demands to restore critical services. The American Hospital Association 2024 survey reported that there were 386 successful attacks on hospital systems as of October, with 69% of respondents reporting impact on patient care and 28% reporting higher mortality rates. To validate this finding, we can point to the many recent high-profile breaches of healthcare systems, such as: 

  • Ascension Healthcare
  • Change Healthcare
  • OneBlood
  • England NHS
  • Cedars Sinai
  • CommonSpirit
  • Synnovis
  • Clinica Barcelona
  • HCA Healthcare
  • And many others

While both the financial and healthcare sectors are rich with sensitive data, the nature, motivation, and impact of these attacks differ significantly. Understanding the adversary’s approaches to these targets can be instructive for healthcare leaders in building effective defenses and ensuring resilience. With that in mind, let’s look at a comparative analysis of attacks on financial institutions vs. healthcare organizations.

Why Financial Institutions are Targeted

The financial sector has always been an attractive target for cybercriminals due to the direct connection to money. Banks, credit unions, and investment firms house enormous volumes of sensitive financial data, including: 

  • Customer account details
  • Credit card information
  • Investment portfolios
  • Payment transaction systems

The motivations behind attacks on financial institutions are primarily financial gain, as threat actors look to exploit vulnerabilities to steal money, manipulate systems, or demand ransomware payments. Advanced threat groups often utilize sophisticated tools such as:

  • Phishing attacks to steal credentials
  • Ransomware to freeze critical operations
  • Advanced Persistent Threats (APTs) to remain undetected and extract data over time

According to a report by IBM, the financial sector experienced the highest average cost of a data breach in 2023, emphasizing the enormous stakes at play. 

Why Healthcare Organizations are Targeted

Healthcare organizations, on the other hand, have emerged as one of the most vulnerable industries to cyberattacks. Hospitals, clinics, and insurance providers store highly sensitive and personal health data and critical care systems, including:

  • Electronic Health Records (EHRs)
  • Patient treatment plans
  • Insurance details
  • IoMT (Internet of Medical Things) devices

For threat actors, healthcare organizations are targeted not just for financial gain but also due to their urgency, critical nature and psychological impact. A successful cyberattack in healthcare can put lives at risk, making organizations more likely to pay ransom demands quickly. Common methods of attack include:

  • Ransomware attacks to disrupt patient care
  • Data breaches for identity theft and fraud
  • Third-party vulnerabilities stemming from vendors and supply chain partners

The healthcare sector also faces additional regulatory challenges. Compliance with HIPAA, HITECH, CMS, JCAHO, and other cybersecurity mandates means breaches not only cause operational disruption but also result in significant legal and financial penalties.

Key Differences Between Financial and Healthcare Cyberattacks

| Aspect | Financial Institutions | Healthcare Organizations |
|---|---|---|
| Motivation | Financial gain | Financial gain and operational disruption |
| Impact | Financial loss, customer trust erosion | Disruption of care, risk to human lives |
| Data Targeted | Account data, transactions, credit cards | EHRs, treatment data, insurance info |
| Attack Surface | Online banking systems, payment networks | EHR systems, IoMT devices, third parties |
| Urgency of Response | High, but systems often have redundancies | Extremely high, critical to patient care |
| Regulatory Environment | Highly regulated (e.g., PCI-DSS, SOX) | HIPAA, HITECH, CMS, FDA device security |

Similarities in Cyberattack Methods

 
Despite the differences, both financial and healthcare sectors face similar types of attacks, including: 

  • Phishing and Social Engineering: Human error remains a critical weak link across both industries.
  • Ransomware Attacks: Cybercriminals increasingly target organizations with ransomware, locking critical systems and demanding payment.
  • Insider Threats: Employees, whether malicious or negligent, pose significant risks to sensitive data.
  • Third-Party Risks: Both industries rely heavily on third-party vendors, increasing the attack surface and exposing organizations to supply chain vulnerabilities.

The Stakes: Money vs. Lives

While financial institutions are highly focused on protecting monetary assets and maintaining customer trust, healthcare organizations carry an additional burden: human lives. A ransomware attack on a bank might disrupt transactions and cause financial chaos, but a similar attack on a hospital can delay treatments, disrupt surgeries, and compromise patient safety. A notable example is the 2021 ransomware attack on a U.S. hospital chain that forced several facilities to turn away emergency patients, illustrating the life-and-death consequences unique to healthcare.

Why Are Breaches Continuing Despite Significant Investments in Perimeter Defenses?

We continue to see reports of breaches that result in the loss of continuity of patient care and access to critical applications like Electronic Health Records. This is despite investments in important perimeter defense solutions such as smart firewalls, Endpoint Detection & Response (EDR), Secure Access Service Edge (SASE), Zero Trust Network Access (ZTNA), and Network Access Controls (NAC).

When we examined the recent incidents cited earlier, such as Ascension, Change Healthcare, and others, we found that the initial attack method differed in each case. But all the attacks shared one thing in common: after the initial penetration of the perimeter defenses, the ransomware or malware spread through lateral movement within the enterprise landscape until it reached the point of critical impact on the hospitals’ digital operations. Stopping the lateral movement of ransomware can prevent a breach from becoming a crisis, with a multi-million-dollar impact on revenue and degradation of patient care. At ColorTokens, our mission is to empower our clients to stop this lateral spread by enforcing zero-trust traffic policies in a very granular and easy-to-manage way.

The Importance of Cyber Resilience

Achieving true cyber resilience goes beyond prevention; it includes breach readiness, response plans, and recovery strategies.

  • Zero Trust Architectures: Implementing microsegmentation to prevent lateral movement of ransomware across network assets and resources.
  • Incident Response Plans: Ensuring quick containment and remediation of breaches.
  • Third-Party Risk Management: Continuously assessing vendor security and compliance.
  • Regular Training: Educating employees to recognize and respond to phishing and other attacks.
  • Backup and Recovery Solutions: Ensuring systems can be restored quickly after an attack. 

Conclusion: Being Breach-Ready is Critical

While the motivations and impacts of cyberattacks on financial institutions and healthcare organizations differ, both sectors share a common need for robust cybersecurity measures. Financial institutions must focus on safeguarding monetary assets and trust, while healthcare organizations must prioritize operational continuity to protect lives.

By investing in proactive security strategies, breach readiness, and advanced technologies like microsegmentation, organizations in both sectors can enhance their resilience against an ever-evolving cyber threat landscape.

Cyberattacks will not stop, but with the right approach, healthcare organizations can ensure they are prepared to respond, recover, and thrive in a digital world.

As our client at the leading cancer center told us, you too can gain peace of mind because your critical digital operations have the resilience needed to continue patient care even in the face of an attack.

Want to learn more about building breach-ready resilience for your healthcare organization? Explore how solutions like ColorTokens Xshield empower your organization to safeguard critical assets and operations. To learn more, go to Breach Readiness for Hospitals & Healthcare Providers – ColorTokens  or schedule a conversation with our expert solutions team at Contact Us | ColorTokens Zero Trust Security

*** This is a Security Bloggers Network syndicated blog from ColorTokens authored by Bob Palmer. Read the original post at: https://colortokens.com/blogs/healthcare-cybersecurity/

Original Post URL: https://securityboulevard.com/2024/12/healthcare-in-the-cross-hairs-cybercriminals-have-found-another-high-value-target/

Category & Tags: Security Bloggers Network, healthcare, microsegmentation
