The healthcare industry will still have a sizeable assortment of threats. Ransomware attacks and data breaches continue to be remarkably commonplace. All through 2021, healthcare data breach reporting registered a rate of about 2 daily, and though there was a decrease in the number of ransomware attacks in contrast to 2020, ransomware is still a serious threat with a number of ransomware gangs actively targeting the healthcare community.
In Quarter 4, the 2021 Healthcare Cybersecurity Bulletin, issued on January 21, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) cautioned of certain persistent cyberattack trends that are estimated to go on in Q1 of 2022.
Ransomware
Law enforcement bureaus in the United States and Europe have intensified their initiatives to bring the agents of ransomware activities and their affiliates to legal courts, with those campaigns resulting in the apprehension of main members of various ransomware groups. This 2022, in an uncommon act of cooperation involving the U.S. and Russia, 14 alleged members of the well-known REvil ransomware group were detained. The higher pressure on ransomware groups has helped to reduce attacks, yet there remain a lot of ransomware gangs in action, a number of which were actively attacking the healthcare industry.
Emsisoft monitored 68 ransomware attacks on healthcare companies in 2021, which is a decrease from the 80 healthcare providers attacked in 2020; nevertheless, there were furthermore a number of attacks on business associates that have impacted several healthcare companies. As per the latest FinCEN report, there are no less than 68 active ransomware attacks, and the top ten ransomware groups in 2021 earned above $5.2 billion in ransom payments. Ransomware will still be a difficulty for the healthcare market in 2022, therefore it is crucial to observe industry guidelines to get ready for, avert, and recover from ransomware attacks to assure patient protection.
Apache Log4J
The vulnerabilities found in the Apache Log4J logging library, which was initially announced to the public at the end of November 2021, still cause difficulties for healthcare institutions. A proof-of-concept exploit was launched in December 2021, and a number of threat actors were taking advantage of the vulnerabilities. HC3 published a threat summary on January 20, 2021, alerting about the danger of exploitation of the 6 vulnerabilities and proposed mitigations that ought to be put in place promptly to lower the threat of exploitation.
Emotet Botnet
Emotet malware initially came out in 2014 and was substantially utilized in attacks on healthcare companies. Devices affected with the Emotet Trojan are combined with the botnet, and access to that equipment is offered to other threat organizations, usually bringing about ransomware attacks. The botnet was removed in January 2021, which is an element of the reason why there is a decline in ransomware attacks; nonetheless, the botnet is currently being recreated with more resilience to shutdown initiatives and today has various new functionality. Emotet is possible to create considerable risk to the healthcare sector all through 2022 thus it is critical to make a move to strengthen defenses. Emotet is chiefly spread using phishing emails, thus healthcare institutions should employ strong email security procedures and make sure they give security awareness training to the staff.
Vulnerabilities
Vulnerabilities in data systems will still be taken advantage of to acquire access to healthcare systems and sensitive information. It is vital for healthcare companies to remain in control of patching and to use software updates quickly. Patching must be prioritized, with the vulnerabilities posted in the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities Catalog resolved first, in conjunction with any critical vulnerabilities in the application, OS’s, and firmware.