- 61% of healthcare companies experienced a cloud cyberattack in the yr2023, with 86% of these attacks resulting in financial losses or significant damages.
- Healthcare remains top amongst favorite for Cybercriminals, 14M patients affected in the U.S. have been affected by data breaches in 2024 so far, reports SonicWall .
- 91% of the healthcare data breaches that SonicWall researchers analyzed involved ransomware, highlighting the continued targeting of the U.S. healthcare sector.
Office for Civil Rights (OCR) reported for the yr 2023, 725 data breaches were reported to OCR and across those breaches, more than 133 million records were exposed or impermissibly disclosed. There has been a general upward trend in the number of records exposed each year, with a massive increase in 2024.
SonicWall based its report on data from SonicWall Capture Labs, which uses machine learning to collect and retain data about attack vectors and threats in real time. The researchers concluded that exploitation of healthcare data remains high for cyberthreat actors due to its data-driven nature and that focuses on sensitive data.
key findings from Sonicwall report
- Rapid adoption of digital tools
- AI and platforms during and after the COVID-19 pandemic
- Ransomware attacks
- Cyberthreat actors targeted Microsoft Exchange
The research highlighted the growing prominence of ransomware actors that specialize in targeting healthcare, such as LockBit and ALPHV/BlackCat. For example, ALPHV/BlackCat claimed responsibility for the attack against Change Healthcare in February 2024, resulting in a massive data breach, a $22 million ransom payment and months of recovery time.
In addition to ransomware, the threat brief highlighted the prevalence of cyberthreat actors targeting healthcare by exploiting critical vulnerabilities. The data suggested that 60% of the vulnerabilities exploited by cyberthreat actors specifically targeted Microsoft Exchange, a widely used tool in healthcare.
For example, ransomware groups have been observed exploiting ProxyShell Exploit Chain and ProxyLogon vulnerabilities to gain access to servers and deploy ransomware. Some groups chain these vulnerabilities together to further strengthen their attack methods.
Other notable vulnerabilities targeted in the healthcare sector include the Citrix Bleed vulnerability and the PaperCut vulnerability. Unpatched vulnerabilities or reactive patching can leave healthcare organizations more vulnerable to the exploitation of these flaws.
The growing threat of ransomware and data breaches in healthcare has been well-documented by private cybersecurity companies and government entities alike. For example, in October 2023, HHS’ Office for Civil Rights (OCR) stated that there was a 239% increase in large breaches reported to OCR involving hacking and a 278% increase in ransomware.
Defending against these mounting threats requires a proactive, multilayered approach, the SonicWall report suggested few tips.
- Strong patch management program
- Strong authentication protocols
- Continuous monitoring to mitigate the risk of data breaches
- Protect patient information.
