Threat Actors Unite Against Healthcare Sector

As if double extortion were not enough, triple extortion has arrived as the next nightmare, especially for the healthcare sector.

What’s going on?

According to a report by CTI League, ransomware attacks, along with the trading and selling of databases containing Personal Health Information (PHI), are expected to surge this year. Moreover, the new triple extortion technique combines ransomware, data theft, and DDoS attacks to extort money from healthcare providers.

Where does collaboration come in?

  • Even though ransomware actors compete with each other, they have realized that strength lies in unity. They have started observing and learning from each other, as well as adopting tactics that work well.
  • This interconnected landscape also includes ransomware gangs working with the same access brokers and money-laundering services.

Talking about initial access brokers

  • Although Q4 2020 saw a dip in both the number of network access offers and their prices, the actual size of the network access market remains undefined.
  • Listings are customer agnostic, which means that for $1,500-$2,000, a buyer can get domain access to a medium-sized company with several hundred employees.
  • According to a report published by KELA last year, around 108 network access listings, collectively valued at $505,000, were posted on hacker forums.

The plight of the healthcare sector

  • Last year, 560 healthcare facilities were compromised by ransomware attacks. The attacks created life-threatening situations, including inaccessible lab tests and diversion of ambulances.
  • In H2 2020, at least 12 incidents involved the theft and publication of PHI and other confidential data.
  • Almost half of all data breaches (46%) in the sector were a result of ransomware attacks. The most common method of gaining access to hospital networks consisted of abusing a pair of vulnerabilities found in the Citrix ADC controller that impacted Gateway hosts and Pulse Connect Secure.

The bottom line

Since the onset of the COVID-19 pandemic, hospitals and other healthcare facilities have been severely impacted. The frequency of cyberattacks, along with the sophistication of attack techniques, is on the rise. Hence, it is imperative that the sector adopt better defenses against such attacks, especially now that ransomware gangs are working together to inflict maximum damage.

Cyware Publisher