First, the good news: After a lengthy investigation lasting several months, the FBI was able to put an end to the Hive ransomware group. More than 1,500 institutions, such as hospitals, school districts, and financial institutions, were attacked by the Hive network across 80 nations.
The bad news: It’s becoming increasingly clear that cyberattacks on healthcare facilities throughout the world will only continue to worsen.
- Check Point Research predicts that by 2022, there will be an average of 1,463 cyber-attacks every week against healthcare businesses around the world.
- There were 1,410 cyberattacks each week on American healthcare organizations, an increase of 86% from 2021.
- Healthcare organizations across the world averaged 1,463 cyberattacks per week in 2022, up 74% compared with 2021, according to Check Point Research.
- The average number of cyberattacks per healthcare organization in the United States rose to 1,410 per week, an increase of 86% from 2021.
It’s not your imagination: US healthcare organizations continue to be the most compromised by data breaches for the third year in a row, with 344 breaches in 2022, per the Identity Theft Resource Center (ITRC) 2022 Data Breach Report.
- Information on patients’ medical conditions, treatments, and diagnoses was the most common type of data stolen in these incidents.
- A number of people also asked for account information related to medical services and insurance.
- According to the ITRC, phishing and associated scams are still the most common form of cyberattack.
Batten down the hatches in 2023: The ITRC found that some Russian-based ransomware operators were sidetracked by the country’s involvement in the Ukrainian conflict during the first half of 2022, but that they resumed their criminal activities during the second half of the year.
Even with the Hive network shut down, healthcare providers have three major vulnerabilities to protect in 2023, per Security Magazine.
1. Third-party vendors
Cybercriminals have a much easier time finding and exploiting vulnerabilities in the healthcare industry. The ITRC reports that in February of 2022, a ransomware attack on PFC Financial Corporation, an accounts receivable management service, impacted hundreds of healthcare institutions.
2. Cloud breaches
Even though 73% of healthcare firms store data in the cloud, cloud breaches are on the rise, according to the Netwirx Cloud Data Security Study.
- By 2022, 61% of healthcare responders had already been the victim of a phishing, ransomware, or other malware assault on their cloud infrastructure.
- On average, attacks were spotted within minutes or hours, rather than days or weeks.
3. Internet of Things (IoT) attacks
According to Cynerio’s State of Healthcare IoT Device Security 2022 research, 53% of all connected devices are vulnerable to cyberattacks.
- The IV pumps and VoIP systems that make up half of a hospital’s IoT footprint are the most at risk.
The quickest ways to be compromised are those with weak or insecure passwords.