Escalating Healthcare Cyber-Attacks: The Sector Emerges as a Primary Target
Cyber-attacks targeting the healthcare sector have escalated sharply, with recent data from Darktrace showing notably more incidents in healthcare than in other key industries in 2024.
Data revealed that Darktrace responded to 45 cybersecurity incidents impacting healthcare organizations, surpassing the number of incidents reported in finance (37), energy (22), insurance (14), and telecommunications (12).
A significant reason for the heightened targeting of healthcare is the sector’s lucrative nature. Globally, data breaches in healthcare resulted in higher costs than in any other industry, averaging $10 million between 2020 and 2024. According to Nicole Wong, Principal Cyber Analyst at Darktrace, the rise in targeting aligns with previously observed trends, highlighting the growing intensity of threats in 2024. The vast amounts of personal and sensitive patient data stored by hospitals and healthcare providers make them attractive targets for data breaches, ransomware attacks, and other forms of cybercrime.
Wong elaborated, stating that the sensitive nature of patient information, combined with the critical importance of healthcare services, renders the sector a high-value target, especially for politically motivated threat actors.
Methods of Compromise in Healthcare
A recent report indicated that phishing (32%) and the exploitation of edge infrastructure vulnerabilities (36%) collectively accounted for over two-thirds of healthcare compromises. Other factors included exposed ports, misconfigurations, and the exploitation of end-of-life devices.
This pattern mirrors attacks in other sectors, with a notable 75% of healthcare network intrusions being attributed to business email or cloud account compromises that did not escalate to ransomware or data exfiltration. This suggests a preparatory strategy by attackers for more significant gains in the future.
Wong noted that this phenomenon reflects the multi-stage attacks typically executed by advanced persistent threat (APT) groups, indicating a rising sophistication in the capabilities of threat actors targeting healthcare.
Evolution of Phishing Techniques
Research has shown a disturbing evolution in phishing attacks, as they have become more targeted within the healthcare industry. One-third of such attacks have been directed at VIP users, suggesting an intentional focus on individuals with enhanced access privileges. Additionally, a significant portion of phishing emails in 2024 either impersonated suppliers or originated from compromised supplier accounts.
Nahisha Nobregas, Senior Cyber Analyst at Darktrace, highlighted this concerning trend, noting that it exploits the trust established between healthcare providers and their vendors, complicating detection efforts due to the legitimacy of the communications.
Exploitation of Vulnerabilities
Darktrace’s data indicated that attackers have frequently exploited vulnerabilities in edge infrastructure devices from various vendors, including Citrix, Cisco, Fortinet, and Ivanti. The healthcare organizations affected range from equipment suppliers to non-critical care providers.
Expanding Attack Surface in Healthcare
The attack surface of healthcare organizations is widening, which is concerning: increasing reliance on cloud services, the integration of more third-party devices and services, and a rise in Internet of Medical Things (IoMT) devices all contribute to it.
Darktrace highlighted a case where a digital imaging device was found infected with the PurpleFox rootkit and DirtyMoe malware. This incident illustrates how specialized medical devices have emerged as another vulnerable point within the healthcare infrastructure. The intention was not to compromise protected health information but rather to establish a foothold within the network, underscoring the necessity for continuous security monitoring of clinical devices in tandem with traditional IT systems.
Patrick Anjos, Senior Cyber Analyst at Darktrace, emphasized the importance of comprehensive security monitoring that transcends traditional IT networks to encompass specialized medical equipment, reiterating the evolution of threats in the healthcare sector.