Under Attack: Over 1 Million Healthcare Records Stolen in 2023, Says A Report
Healthcare was among the top sectors impacted in 2023 by mega cybersecurity breaches, and over a million records were stolen.
Infostealers were the primary malware and ransomware families used to target the healthcare sector, the report by secure access service edge (SASE) company Netskope showed.
The report also examined the continued increase in cloud app adoption in the healthcare sector as well as malware trends across the sector. It was based on anonymous usage data of a healthcare sector subset of Netskope customers.
Below are some key report findings:
Healthcare Key Target For Infostealer Attacks
Infostealers are a prominent malware family in the healthcare sector, as attackers attempt to steal valuable data from organisations and patients for ransom or blackmail. According to the report, the Clop ransomware group was particularly active in targeting healthcare and health insurance organisations, exploiting the CVE-2023-34362 MOVEit vulnerability.
Malware Downloads Increased In 2023
Cloud-delivered malware ended the year at approximately 40% of malware downloads in the healthcare sector. After a peak of 50% in June, malware downloads dipped in the second half of the year. Cloud-delivered malware in the sector grew year-on-year—up from 30% a year ago.
Cloud apps are increasingly a target for malware as they give attackers the ability to evade regular security controls that rely on tools such as domain block lists and monitoring of web traffic. Such attacks often impact companies that do not apply zero trust principles to routinely inspect cloud traffic.
Bucking The Microsoft OneDrive Malware Trend
While Microsoft OneDrive remained the most popular app in the healthcare sector, its use was significantly lower than in other sectors. As a result, malware downloads through OneDrive were 12% lower in healthcare than in other industries.
The general prevalence of OneDrive-originated malware attacks reflects the combination of adversary tactics (abusing OneDrive to distribute malware) and victim behaviour (the likelihood of clicking on the links and downloading the malware), coupled with the widespread popularity of OneDrive.
Slack’s Popularity In Healthcare
Slack came second for uploads (behind OneDrive) and fifth for downloads. However, this usage trend did not correlate with the number of malware downloads from the app; it was not even in the top 10 sources. Attackers would use Slack as a command-and-control server, as its API provides a flexible mechanism to upload (or exfiltrate) data.
Paolo Passeri, cyber intelligence principal at Netskope, said, “Malware and infostealers shouldn’t be the only concern for the healthcare sector; they should also consider the vulnerability of their supply chain and apply the same zero trust strategy they would in their own organisation to third parties in the supply chain.”