The healthcare industry continues to face a considerable range of threats, with ransomware attacks and data breaches still highly prevalent. Throughout 2021, healthcare data breaches were being reported at a rate of almost 2 per day, and while there was a reduction in the number of ransomware attacks compared to 2020, ransomware remains a major threat with several ransomware gangs actively targeting the healthcare sector.
In its Q4, 2021 Healthcare Cybersecurity Bulletin, released on Friday, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) warned of some of the ongoing cyberattack trends that are expected to continue in Q1, 2022.
Law enforcement agencies in the United States and Europe have increased their efforts to bring ransomware operators and their affiliates to justice, and those efforts have resulted in the arrests of key members of several ransomware groups. This year, in a rare act of cooperation between the United States and Russia, 14 suspected members of the notorious REvil ransomware gang have been arrested. The increased pressure on ransomware gangs has helped to curb attacks, but there are still many ransomware gangs in operation, several of which have been actively targeting the healthcare sector.
Emsisoft tracked 68 ransomware attacks on healthcare providers in 2021, which is a reduction from the 80 healthcare providers attacked in 2020; however, there have also been several attacks on business associates that have affected multiple healthcare organizations. According to a recent FinCEN report, there are at least 68 active ransomware operations and the top 10 ransomware gangs in 2021 generated more than $5.2 billion in ransom payments. Ransomware will continue to be a problem for the healthcare sector in 2022, so it is important to follow industry best practices to prepare for, prevent, and recover from ransomware attacks to ensure patient safety.
The vulnerabilities identified in the Apache Log4J logging library, the first of which were made public in late November 2021, continue to pose problems for healthcare organizations. A proof-of-concept exploit was released in December 2021, and multiple threat actors have been exploiting the vulnerabilities. HC3 issued a threat brief on January 20, 2021, warning about the risk of exploitation of the 6 vulnerabilities and suggesting mitigations that should be implemented immediately to reduce that risk.
Emotet malware first appeared in 2014 and has been extensively used in attacks on healthcare organizations. Devices infected with the Emotet Trojan are added to the botnet, and access to those devices is sold to other threat groups, often leading to ransomware attacks. The botnet was taken down in January 2021, which is part of the reason why there has been a reduction in ransomware attacks; however, the botnet is now being rebuilt with greater resilience to takedown attempts and has several new capabilities. Emotet is likely to pose a significant threat to the healthcare industry throughout 2022, so it is important to take steps to improve defenses. Emotet is primarily distributed via phishing emails, so healthcare organizations need to implement robust email security measures and ensure they provide security awareness training to the workforce.
Vulnerabilities in information systems continue to be exploited to gain access to healthcare networks and sensitive data. It is critical for healthcare organizations to stay on top of patching and to apply software updates promptly. Patching should be prioritized, with the vulnerabilities listed in the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities Catalog addressed first, along with any critical vulnerabilities in software, operating systems, and firmware.
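The prioritization order described above can be expressed as a small triage script. This is an added example, not code from HC3 or CISA; the host names, CVE placeholders, scores and dates are constructed, and the `cveID` and `dueDate` keys follow the field names used in CISA's KEV JSON feed.

```python
import json
from datetime import date

# Constructed excerpt shaped like CISA's KEV JSON feed (placeholder CVE ids).
KEV_JSON = """{"vulnerabilities": [
  {"cveID": "CVE-0000-0001", "dueDate": "2022-02-01"},
  {"cveID": "CVE-0000-0002", "dueDate": "2022-01-15"}
]}"""

# Constructed scanner findings: (host, CVE id, CVSS base score).
FINDINGS = [
    ("ehr-app01", "CVE-0000-0003", 9.8),
    ("pacs-gw02", "CVE-0000-0001", 7.5),
    ("hr-web01", "CVE-0000-0004", 5.3),
    ("vpn-edge1", "CVE-0000-0002", 6.1),
    ("lab-db03", "CVE-0000-0005", 9.1),
]

def load_kev(raw):
    """Map CVE id -> remediation due date from a KEV-style JSON document."""
    return {v["cveID"].upper(): date.fromisoformat(v["dueDate"])
            for v in json.loads(raw)["vulnerabilities"]}

def prioritize(findings, kev, today):
    """Order findings: KEV-listed first (earliest due date first),
    then critical (CVSS >= 9.0), then everything else by score."""
    queue = []
    for host, cve, cvss in findings:
        due = kev.get(cve.upper())
        if due is not None:
            tier = 0
            note = "overdue" if due < today else f"due {due.isoformat()}"
        elif cvss >= 9.0:
            tier, note = 1, "critical"
        else:
            tier, note = 2, "scheduled"
        # Non-KEV findings get date.max so only tier and score order them.
        sort_key = (tier, due or date.max, -cvss)
        queue.append((sort_key, {"host": host, "cve": cve,
                                 "tier": tier, "note": note}))
    return [item for _, item in sorted(queue, key=lambda pair: pair[0])]

if __name__ == "__main__":
    for row in prioritize(FINDINGS, load_kev(KEV_JSON), date(2022, 1, 20)):
        print(row)
```

A KEV-listed finding with a moderate CVSS score still sorts ahead of an unlisted critical one, because known exploitation outranks severity alone in this ordering.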