Cyberattacks on the healthcare sector are increasing at an alarming rate, security researchers have warned, as threat actors continue to ramp up the pressure and force organizations to bolster their defenses.
On February 21, 2024, American technology company Change Healthcare, whose systems are used in hospitals and pharmacies across the country, was the victim of a major cyber incident that affected several of its services.
The breach reportedly affected more than 100 apps produced by the UnitedHealth Group subsidiary, including those that support medical records, patient engagement and payment services.
Matt Aldridge, principal solutions consultant at security firm Opentext Cybersecurity, told ITPro that the incident is the latest in a series of attacks on healthcare organizations, and signals that it is imperative that the sector improves its cyber posture going forward.
“This latest cyberattack on Change Healthcare in the United States is unfortunately not surprising, given that healthcare is a common target for cybercriminals,” he said.
“As medical facility services are essential and often cannot be interrupted without serious risk to patients, the industry is very much in the spotlight and must therefore implement strong cyber resilience strategies to limit disruptions and keep the continuity of patient care at the forefront.”
Cyberattacks on the healthcare sector have prompted warnings in the industry
The frequency of attacks targeting the healthcare sector forced the FBI, CISA, and the Department of Health and Human Services to update their joint #StopRansomware advisory.
The advisory, which urges healthcare companies to take seriously the elevated level of threat they face, now includes more information about the specific tactics, techniques and procedures of the ALPHV/BlackCat ransomware gang.
The ALPHV/BlackCat collective is known for specifically targeting healthcare industry institutions and is believed to be the group behind the latest Change Healthcare attack that affected hospitals and pharmacies across the United States.
How the attack on Change Healthcare unfolded
Change Healthcare revealed that it had suffered a significant breach on February 21, 2024, causing significant delays in prescription services.
The company's technology facilitates communication between the medical organization and the patient's insurance provider, and the outage has meant that pharmacists have been unable to process insurance claims.
In an update to its initial disclosure, published on February 21, Change Healthcare stated that once it became aware of the external threat, it took its systems offline to prevent further damage.
The update also indicated that the company was confident that the incident had not affected Optum, which acquired Change Healthcare in 2022, or UnitedHealth Group systems.
UnitedHealth Group's filing with the U.S. Securities and Exchange Commission (SEC) on February 27 stated that it had “identified that a suspected nation-state-associated cybersecurity threat actor had gained access” to the Change Healthcare information systems.
Yelisey Bohuslavskiy, co-founder and research director of RedSense Cyber Threat Intelligence, posted on LinkedIn that her findings indicated that initial access was achieved through a vulnerability in ConnectWise's ScreenConnect remote desktop access software.
Bohuslavskiy speculated that using this initial access would limit the number of potential perpetrators and commented that this could be the work of a former BlackCat administrator who regrouped after the group was targeted by police operations.
Regardless of the identity of the attacker, this attack demonstrates the significant and potentially serious consequences of ransomware when used against healthcare institutions.
Repeated cyberattacks in the healthcare sector should be a wake-up call
As Aldridge noted, attacks on critical national infrastructure, particularly healthcare organizations, can result in severe costs, with many patients in the US unable to retrieve their prescriptions for the past six days.
Previous attacks on health services in Ireland and the United Kingdom have caused similar disarray among patients trying to attend their appointments or collect their sometimes vital medications.
Pharmaceutical company Cencora revealed a data breach on Tuesday, February 27; investigations are still ongoing and further details of the incident have not yet been confirmed.
On the same day, medical supply company Henry Schein reported a drop of more than $120 million in its annual net revenue as a result of a cyberattack that affected the organization in September 2023.
Ireland's national health and social services provider was forced to shut down its entire IT system after suffering a “sophisticated” ransomware attack in 2021, resulting in the cancellation and postponement of outpatient medical appointments.
Four years earlier, in 2017, the UK's National Health Service (NHS) was one of several public sector organizations “brought to its knees” by the WannaCry ransomware, which is believed to have been spread by North Korean threat actors.
The attack disrupted a third of UK hospital trusts and around 8% of GP clinics, with estimates of almost 19,000 hospital appointments canceled as a result of the attack.
Aldridge said that despite repeated cases, the healthcare sector as a whole – including service providers – remains highly vulnerable to cybercriminals.
Statistics from Check Point's annual threat report found that the healthcare industry was one of the top three most attacked sectors in 2023. With an average of 1,500 weekly attacks on healthcare organizations, the sector ranked third behind education/research (2,046) and government/military (1,598).
However, of the three most attacked sectors, healthcare was the only industry to see the frequency of attacks increase from 2022, with a growth of 3%.
With this in mind, Aldridge argued that the industry must ensure it continually re-evaluates cyber hygiene practices and improves its resilience to cyber threats.
“A nationwide disruption of prescription services by attackers raises serious concerns about the resilience of healthcare IT systems. Taking systems offline, while necessary, demonstrates the challenges associated with balancing operational continuity and cybersecurity,” he said. “To combat evolving threats, it is crucial that the healthcare industry continually evolves its cybersecurity strategies.”