Over 14 million patients have been affected by data breaches caused by malware attacks on US healthcare organizations so far in 2024, according to a new analysis by SonicWall.
Most (91%) of these breaches have leveraged ransomware, with the report highlighting that attackers see the threat of exposing sensitive data held by healthcare organizations as an effective method for extorting ransom payments.
The researchers commented: “It’s no secret that healthcare is a data-driven business, storing a vast amount of sensitive personal and medical data, such as Social Security numbers, medical histories, and financial information, making them prime targets for exploitation. This data is extremely valuable on the black market.”
They also noted that disrupting access to medical systems can have life-threatening consequences, meaning healthcare organizations are more likely to pay ransoms to restore operations quickly.
The researchers added that the rapid adoption of digital tools, AI and platforms has expanded the attack surface of healthcare organizations, resulting in a significant increase in ransomware attacks targeting this sector.
Healthcare Attackers’ Focus on Critical Vulnerabilities
The SonicWall report found that ransomware groups have targeted the healthcare sector by exploiting several critical vulnerabilities in 2024, enabling them to infiltrate networks, escalate privileges and deploy ransomware.
The opportunity to exploit vulnerabilities has been facilitated by the increasing integration of digital systems, such as electronic health records, telemedicine platforms, and Internet of Medical Things (IoMT) devices.
Around 60% of vulnerabilities leveraged against healthcare so far in 2024 targeted Microsoft Exchange, a widely used communication tool in this industry.
These include the ProxyShell exploit chain (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) and ProxyLogon vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065).
Other critical vulnerabilities exploited by ransomware groups to target healthcare organizations include:
- PaperCut servers, used to compromise networked systems (CVE-2023-27350)
- Citrix Bleed, allowing attackers to gain remote access to organizations reliant on Citrix (CVE-2023-4966)
- Microsoft Windows vulnerability in the Web Proxy Auto-Discovery (WPAD) protocol, an older vulnerability allowing attackers to gain elevated privileges (CVE-2016-0099)
“Groups like BlackCat/ALPHV have notably favored these vulnerabilities, and they often chain these flaws together to maintain persistence and maximize their impact on healthcare organizations,” the researchers said.