The healthcare sector is increasingly targeted by cybercriminals, with data breaches costing an average of USD 9.77 million per incident. The rise of Ransomware-as-a-Service (RaaS), supply chain vulnerabilities, and IoT device exposure amplify these risks, causing disruptions and threats to patient safety. #RaaS #Qilin #RansomHub #ALPHV #BlackCat #Cl0p #MOVEit #GoAnywhere #HCAHealthcare #Synnovis #OneBlood #ChangeHealthcare
Key points
- The healthcare industry experiences the highest data breach costs, averaging USD 9.77 million per incident, driven by sensitive data and legacy systems.
- Ransomware attacks, especially via RaaS, significantly elevate risk to healthcare organizations by enabling broader campaigns.
- Phishing exploits the fast-paced medical environment, contributing to data breaches and insider threats.
- Supply chain vulnerabilities can trigger widespread disruptions, as shown by major attacks on Change Healthcare and OneBlood.
- IoT device integration in healthcare increases security risks, including potential data breaches and patient safety threats.
- In 2023, over 124 million healthcare records were breached (93.5% of breached records across sectors); 725 large breaches were reported to HHS in 2023.
- Emerging threat actors like Qilin and RansomHub are targeting healthcare sectors, alongside established groups such as BlackCat (ALPHV), Cl0p, and BlackSuit (Royal).
- Advanced monitoring solutions (e.g., Dark Web Monitoring, Supply Chain Intelligence) are essential for detecting and mitigating healthcare cybersecurity threats.
MITRE Techniques
- [T1486] Ransomware – Ransomware attacks disrupt access to critical patient data, leading to operational challenges. ‘Ransomware-as-a-Service (RaaS) enables low-skilled attackers to deploy sophisticated ransomware campaigns.’
- [T1566] Phishing – Attackers craft deceptive emails to trick healthcare employees into revealing sensitive information.
- [T1195] Supply Chain Compromise – Attackers exploit vulnerabilities in third-party vendors to disrupt healthcare services. ‘Recent ransomware attacks have highlighted the risks posed by supply chain vulnerabilities.’
- [T1499] IoT Device Compromise – Cybercriminals exploit vulnerabilities in IoT devices used in healthcare, leading to data breaches.
Indicators of Compromise
- [IOC] None listed – no IPs, file hashes, domains, or filenames cited in the article.
Read more: https://socradar.io/biggest-healthcare-industry-attacks-2023-2024/