Healthcare sector at forefront of megabreach impact


The latest report from Netskope Threat Labs has uncovered troubling trends in cybersecurity threats targeting the healthcare sector, shedding light on the need for robust protective measures.

Netskope Threat Labs has published its latest research report, revealing that infostealers were the primary malware and ransomware families used to target the healthcare sector.

The report also examined the continued increase in cloud app adoption, as well as malware trends in the healthcare sector, and provides recommendations for organisations to shield their systems, employees and patients from emerging threats.

Key findings include:

  • Key target for infostealer attacks: Infostealers are a prominent malware family for the healthcare sector as attackers attempt to steal valuable data from organisations and patients in order to blackmail the victim or hold the data to ransom.
      • The Clop ransomware gang was particularly active targeting healthcare and health insurance organisations, exploiting the CVE-2023-34362 MOVEit vulnerability.
      • Healthcare was among the top sectors impacted during 2023 by mega breaches, attacks where over one million records are stolen.
  • Malware downloads increased in 2023 but plateaued in H2: An increasing volume of malware is delivered to employees in the health and healthcare sector via the cloud business applications they use in their day-to-day work. Cloud-delivered malware represented approximately 40% of all malware downloads at the end of 2023, after a peak at 50% in June. Healthcare trended slightly below other industries, but cloud-delivered malware in the sector grew considerably year-on-year – up from just 30% a year ago.
  • Notably, the healthcare sector appeared to have the lowest percentage of malware sourced from the cloud in the past 12 months, ranking behind telecoms, financial services, manufacturing, retail, technology, state and local government and education.
  • Cloud apps are increasingly a target for malware as they give attackers the ability to evade regular security controls that rely on tools such as domain block lists and monitoring of web traffic, and such attacks impact companies that do not apply zero trust principles to routinely inspect cloud traffic.
  • Bucking the Microsoft OneDrive malware trend: While Microsoft OneDrive remained the most popular app in the healthcare sector, its use was significantly lower than in other sectors. As a result, malware downloads through OneDrive were 12 percentage points lower than in other industries.
  • Slack’s popularity in healthcare: The app was second for uploads (behind OneDrive) and fifth for downloads, significantly higher than in other sectors. However, this usage trend did not correlate with the number of malware downloads from the app – it was not even in the top 10 sources.
      • As Slack is a robust enterprise app, attackers need to use different tactics and content to target users, who must accept or share invites to external channels. This is a more complex process than with consumer messaging apps such as WhatsApp that could be used on a corporate device. Instead, attackers would use Slack as a command and control server, as its API provides a flexible mechanism to upload (or exfiltrate) data.
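The two points above (domain block lists do not catch malware served from sanctioned cloud apps, and a collaboration app's upload API can double as an exfiltration channel) can be made concrete with a small proxy-log triage script. The code below is an added illustration, not tooling from Netskope or from the report; the log format, the blocklist, the cloud-app domain mapping, the upload-size threshold and the sample log lines are all constructed assumptions. It shows why a domain blocklist alone passes the cloud-hosted executable, while content-type inspection of allowed cloud traffic and a byte-volume check on uploads surface both cases.

```python
"""Added example (not from the report): domain blocklist versus inspection of sanctioned cloud traffic."""
from dataclasses import dataclass
from urllib.parse import urlparse

# Hypothetical controls: a domain blocklist and a mapping of hostnames to sanctioned cloud apps.
DOMAIN_BLOCKLIST = {"malware-host.example"}
CLOUD_APPS = {
    "onedrive.live.com": "OneDrive",
    "files.slack.com": "Slack",
    "slack.com": "Slack",
}
# Content types that should rarely be downloaded from a document/chat app by a healthcare user.
EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-dosexec"}
# Assumed threshold for flagging an unusually large single upload to a collaboration app.
UPLOAD_BYTES_THRESHOLD = 5_000_000

# Constructed proxy log lines: timestamp user method url status bytes content-type
SAMPLE_LOG = [
    "2023-11-02T09:14:03Z alice GET https://onedrive.live.com/download?cid=abc 200 1843200 application/x-msdownload",
    "2023-11-02T09:15:10Z bob GET https://onedrive.live.com/view?cid=def 200 20480 application/pdf",
    "2023-11-02T09:16:30Z carol POST https://files.slack.com/upload/v1/CwABAAAA 200 9500000 application/octet-stream",
    "2023-11-02T09:17:00Z dave GET https://malware-host.example/payload.exe 200 512000 application/x-msdownload",
]


@dataclass
class Finding:
    user: str
    app: str
    reason: str
    url: str


def parse_line(line: str) -> dict:
    """Parse one constructed-format proxy log line into a record."""
    ts, user, method, url, status, nbytes, ctype = line.split()
    return {"ts": ts, "user": user, "method": method, "url": url,
            "status": int(status), "bytes": int(nbytes), "ctype": ctype}


def blocked_by_domain(url: str, blocklist=DOMAIN_BLOCKLIST) -> bool:
    """The classic control: block only when the hostname is on a list."""
    return urlparse(url).hostname in blocklist


def inspect_cloud_traffic(lines) -> list:
    """Inspect traffic to allowed cloud apps instead of trusting the domain.

    Flags executable downloads served from a sanctioned app (the cloud-delivered
    malware case) and large uploads to a collaboration app (the API-as-exfiltration case).
    """
    findings = []
    for line in lines:
        rec = parse_line(line)
        app = CLOUD_APPS.get(urlparse(rec["url"]).hostname)
        if app is None:
            continue  # not a sanctioned cloud app; left to the blocklist and other controls
        if rec["method"] == "GET" and rec["status"] == 200 and rec["ctype"] in EXECUTABLE_TYPES:
            findings.append(Finding(rec["user"], app, "executable download from cloud app", rec["url"]))
        if rec["method"] == "POST" and rec["bytes"] >= UPLOAD_BYTES_THRESHOLD:
            findings.append(Finding(rec["user"], app, "large upload to collaboration app", rec["url"]))
    return findings


def summarise(lines) -> dict:
    """Run both controls over the log and report what each one catches."""
    blocked = [parse_line(l)["url"] for l in lines if blocked_by_domain(parse_line(l)["url"])]
    return {"blocked_by_domain": blocked, "cloud_findings": inspect_cloud_traffic(lines)}


if __name__ == "__main__":
    result = summarise(SAMPLE_LOG)
    print("Blocked by domain list:", result["blocked_by_domain"])
    for f in result["cloud_findings"]:
        print(f"{f.user} via {f.app}: {f.reason} ({f.url})")
```

Run against the sample, the blocklist stops only the download from the known bad host, while the OneDrive-hosted executable and the oversized Slack upload are invisible to it and are found only by inspecting the content and volume of traffic to apps the organisation already allows.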

Speaking on the findings, Paolo Passeri, Cyber Intelligence Principal at Netskope said:

“Infostealers are among the top threats for the healthcare sector and this is reflected in the fact that during the course of 2023 many healthcare organisations were the targets of mega breaches, and among the top targets of the massive Clop campaign exploiting the CVE-2023-34362 vulnerability.

“Of course this modus operandi is unsurprising because of the types of personal data managed by these organisations, but is particularly effective because attackers do not necessarily need to encrypt the data in a ransomware style attack. Instead they exfiltrate the stolen information and use it to blackmail the victim, or their customers/patients.

“Malware and infostealers shouldn’t be the only concern for the healthcare sector; they should also consider the vulnerability of their supply chain and apply the same zero trust strategy they would in their own organisation to third parties in the supply chain.”

The report is based on anonymised usage data collected about a healthcare sector subset of Netskope’s 2,500+ customers, all of whom give prior authorisation for their data to be analysed in this manner. In Australia, Netskope protects more than 625,000 workers.
