What were the most common cyber attack patterns in the healthcare industry in 2023?
In support of Cybersecurity Awareness Month, we are examining reported incidents by industry. The focus of this article will be on the healthcare sector.
When hospital operations shutter and patient medical records are exposed, life-threatening consequences can occur. Some estimates suggest that hospitals produce nearly 50 petabytes of data on a daily basis, which is an extremely large volume to process…let alone protect. And countless entry points, such as medical record databases, web-facing telehealth applications, health insurance and pharmacy exchanges and more, leave the healthcare industry vulnerable to threat actors looking for financial gain through means of extortion.
In fact, the Verizon 2023 Data Breach Investigations Report (Verizon DBIR) found that 98% of the reported incidents were financially motivated, with 67% of breaches targeting personal data, 54% targeting medical data and 36% targeting credentials.
So, what were the most common cybersecurity attack methods in the healthcare industry in 2023?
According to the 2023 Verizon DBIR, 68% of all reported incidents in the healthcare industry were from system intrusion, basic web application attacks or miscellaneous errors.
System Intrusion and the Healthcare Industry
The U.S. healthcare industry continues to battle system intrusions, which involve situations where a threat actor uses technological means to gain unauthorized access to a healthcare system or database. According to the Verizon DBIR, although the number of ransomware incidents peaked across the healthcare industry back in 2021, the last three years resulted in a significant increase in ransomware-caused data breaches.
Data breaches occur when sensitive patient and/or hospital information is compromised and obtained by unauthorized individuals, which, in the healthcare world, is a constant danger given the amount of sensitive data stored in hospital databases and EMR systems.
And while hospitals and security personnel can be properly informed of how to detect and protect against data breaches, it’s only a matter of time before most experience one, unfortunately. This not only affects patient record data security, but it can also impact the quality of care. For example, this article explains a recent ransomware attack that caused a data breach resulting in emergency room and clinic shutdowns across 16 hospitals in 4 states.
Basic Web Application Attacks and the Healthcare Industry
The COVID-19 pandemic reshaped virtually every industry, but arguably none more than healthcare. When in-office visits became obsolete for all non-life-threatening medical concerns, doctors and caretakers took to third-party web-based and mobile applications to conduct virtual visits, refill prescriptions and send follow-up messages directly to patients. Even with the proper controls, such as multi-factor authentication and automated security tools, these apps have vulnerabilities that threat actors are ready to exploit. In a number of reported cases, threat actors were able to obtain unauthorized access through virtual platforms, with the ability to view sensitive payment, personal and medical data.
Nevertheless, you should still trust telehealth services. Hospital networks across the country are ramping up their preventive and detective controls to avoid attacks from occurring, enhancing response capabilities to reduce the impact of an attack and accelerating the time it takes to recover system availability and lost data.
While hospital systems continue to work toward better cyber hygiene, it is important to recognize our individual role in securing data, particularly where patients are given the option of using controls such as multi-factor authentication and stronger passwords for access to medical web-based applications.
Miscellaneous Errors and the Healthcare Industry
With the ever-growing volume of data and the fast-paced nature of the healthcare industry, it’s easy for miscellaneous errors to occur.
In the healthcare world, miscellaneous errors are often rooted in human mistakes and take the form of mis-delivery. Mis-delivery occurs when a healthcare employee sends personally identifiable data to an unintended recipient via email or another communications channel, such as the U.S. Postal Service.
When sensitive medical paper documents are mailed, sometimes there are signs on the envelopes that their contents include test results, explanations of benefits or other personal information. If there’s too much information revealed through an envelope’s clear window, your mail carrier or a potential threat actor could be privy to sensitive information that they could use against you.
This article is part of a series highlighting the most common cybersecurity incidents by industry and is based on data from the 2023 Verizon DBIR. Additional articles include:
- Protect Your Financial and Insurance Data: 3 Common Cyber Attack Methods to Watch Out for in 2023
- Protect Your Manufacturers: 3 Common Cyber Attack Methods to Watch Out for in 2023
- Protect Your Students, Faculty and Staff: 3 Common Cyber Attack Methods to Watch Out for in 2023
- Protect Your Retail Business: 3 Common Cyber Attack Methods to Watch Out for in 2023
- Cybersecurity Awareness Month Celebrates 20 Years
It is important to note that the data referenced is from organizations that chose to disclose incidents and data breaches.
About Cybersecurity Awareness Month
Since 2004, the United States and Congress have recognized October as Cybersecurity Awareness Month to raise awareness about the importance of cybersecurity in the public and private sectors and tribal communities. This year marks the 20th anniversary of Cybersecurity Awareness Month, and this year’s campaign, Secure Our World, focuses on four ways to protect yourself, your family and your business from online threats.
Related Resources
- CISA – Secure Our World Homepage
- CISA – 4 Things You Can Do To Keep Yourself Cyber Safe
- Schneider Downs Cybersecurity Resource Library
- Verizon 2023 Data Breach Investigations Report
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.