EU Health Sector: Ransomware Accounts for 54% of Cybersecurity Threats

The European Union Agency for Cybersecurity (ENISA) released a report on 5 July with its first cyber threat landscape for the health sector.  The report found that ransomware accounts for 54% of cybersecurity threats in the health sector.

The comprehensive analysis maps and studies cyberattacks, identifying prime threats, actors, impacts, and trends for a period of over 2 years, providing valuable insights for the healthcare community and policy makers.  The analysis is based on a total of 215 publicly reported incidents in the EU and neighboring countries.[1]

Executive Director of the European Union Agency for Cybersecurity (ENISA), Juhan Lepassaar said, “A high common level of cybersecurity for the healthcare sector in the EU is essential to ensure health organizations can operate in the safest way.  The rise of the Covid-19 pandemic showed us how we critically depend on health systems.  What I consider as a wake-up call confirmed we need to get a clear view of the risks, the attack surface and the vulnerabilities specific to the sector.  Access to incident reporting data must therefore be facilitated to better visualize and comprehend our cyber threat environment and identify the appropriate mitigation measures we need to implement.”

The findings:  The report reveals a concerning reality of the challenges faced by the EU health sector during the reporting period.  Incidents were widespread across the European health sector, with healthcare providers accounting for 53% of the total incidents.  Hospitals, in particular, bore the brunt, with 42% of incidents reported.  Additionally, health authorities, bodies and agencies (14%), and the pharmaceutical industry (9%) were targeted.

Ransomware emerged as one of the primary threats in the health sector (54% of incidents).  This trend is seen as likely to continue.  Only 27% of surveyed organizations in the health sector have a dedicated ransomware defense program.  Driven by financial gain, cybercriminals extort both health organizations and patients, threatening to disclose data, personal or sensitive in nature.  Patient data, including electronic health records, were the most targeted assets (30%).  Alarmingly, nearly half of all incidents (46%) aimed to steal or leak health organizations’ data.

It is essential to note that the reporting period coincided with a significant portion of the Covid-19 pandemic era, during which the healthcare sector became a prime target for attackers.  Financially motivated threat actors, driven by the value of patient data, were responsible for the majority of attacks (53%).  The pandemic saw multiple instances of data leakage from Covid-19 related systems and testing laboratories in various EU countries.  Insiders and poor security practices, including misconfigurations, were identified as primary causes of these leaks.  The incidents serve as a stark reminder of the importance of robust cybersecurity practices, particularly in times of urgent operational needs.

Attacks on healthcare supply chains and service providers resulted in disruptions or losses to health organizations (7%).  Such types of attacks are expected to remain significant in the future, given the risks posed by vulnerabilities in healthcare systems and medical devices.  A recent study by ENISA revealed that healthcare organizations reported the highest number of security incidents related to vulnerabilities in software or hardware, with 80% of respondents citing vulnerabilities as the cause of more than 61% of their security incidents.

Geopolitical developments and hacktivist activity led to a surge in Distributed Denial of Service (DDoS) attacks by pro-Russian hacktivist groups against hospitals and health authorities in early 2023, accounting for 9% of total incidents.  While this trend is expected to continue, the actual impact of these attacks remains relatively low.

The incidents examined in the report had significant consequences for health organizations, primarily resulting in breaches or theft of data (43%), disrupted healthcare services (22%) and disrupted services not related to healthcare (26%).  The report also highlights the financial losses incurred, with the median cost of a major security incident in the health sector estimated at €300,000 according to the ENISA NIS Investment 2022 study.  Patient safety emerges as a paramount concern for the health community, given potential delays in triage and treatment caused by cyber incidents.

The ENISA threat landscape report maps the cyber threat landscape to help decision makers, policy makers and security specialists define strategies to defend citizens, organizations and cyberspace.  The report’s content is gathered from open sources such as media articles, expert opinions, intelligence reports, incident analysis and security research reports; as well as through the members of the ENISA Cyber Threat Landscapes Working Group (CTL working group).

The analysis and views of the threat landscape by ENISA are meant to be industry and vendor neutral.  Information based on OSINT (Open-Source Intelligence) and the work of ENISA on Situational Awareness also helped document the analysis presented in the report.

This article is presented at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

[1] https://www.enisa.europa.eu/news/checking-up-on-health-ransomware-accounts-for-54-of-cybersecurity-threats
