HC3 Raises Awareness of Diverse Threat Actors Targeting the HPH Sector
The HHS’ Health Sector Cybersecurity Coordination Center has issued a threat brief to highlight the types of cyber threat actors that target the health and public health sector (HPH), and their differing objectives, tactics, techniques, and procedures.
The HPH sector is a relatively easy target for cybercriminals compared to other industry sectors. There is a complex supply chain involving many different vendors, a large attack surface with many IoT and IoMT-connected devices that are difficult to secure, reliance on outdated software and operating systems that have reached end-of-life, and HPH sector organizations often find it difficult to recruit and retain skilled cybersecurity staff.
HPH sector organizations also store large quantities of data that can be easily monetized and used for a range of nefarious purposes such as identity theft, blackmail, and insurance fraud. Since the sector is highly regulated, there are often costly legal ramifications for healthcare organizations that suffer data breaches, and successful attacks can cause significant reputational damage which makes the HPH sector an ideal target for extortion. Nation-state actors often target HPH sector organizations to steal research data to gain a technological advantage and collect sensitive data and cause disruption in line with national priorities.
The HPH sector is targeted by financially motivated cybercriminals, politically motivated hacktivists, and nation-state actors, malicious insiders for financial gain or retaliation, cyberterrorists who wish to cause harm, and script kiddies who seek attention, want to create chaos, gain kudos within the hacking community, or simply have fun. Regardless of the threat actor, the attacks can have serious financial and reputational implications and often put patient safety at risk.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
While the motivations behind healthcare cyberattacks are varied, there are common initial access vectors that are used by the different types of threat actors. Phishing and social engineering attacks exploit human weaknesses to gain initial access to healthcare networks and sensitive data. Vulnerabilities in software and operating systems are targeted for initial access, man-in-the-middle attacks intercept sensitive data, and Distributed-Denial-of-Service attacks and wiper malware are used to cause disruption to critical systems. Attacks often involve malware that steals data and provides persistent access to networks, adware is used for tracking, information theft, and driving traffic to websites, and ransomware is often deployed for data theft and extortion.
The threat brief provides information on the different types of threat actors and their motivations to help network defenders gain a better understanding of their adversaries, and includes information on the most active threat groups that are known to target the HPH sector.
