Healthcare organizations facing more sophisticated attacks

Attacks on healthcare organizations are becoming more numerous and sophisticated in nature, according to the latest Cybersecurity Buyer Intelligence Report from the Cyber Risk Alliance (CRA).Full disclosure: CRA is the parent company of SC Media.The report, based on intelligence collected from a panel of cybersecurity professionals and managers, found that healthcare organizations are seeing attacks that are more sophisticated than those in previous years.In the CRA report, 46% of respondents said that their organization had witnessed an attack attempt firsthand as they were the target of a cyberattack within the last 12 months.Overall, 24% of respondents said that the attacks they saw were “much more sophisticated” than those presented in previous years. Additionally, 47% said that the attacks they saw were “somewhat more sophisticated” in their nature.For those of us who struggle with math, that is 71%, or nearly three quarters of the industry who will testify to attacks on healthcare organizations becoming more sophisticated in nature.“I believe that the technology will continue advancing and attacks will become more sophisticated in nature,” said one respondent.“This will directly impact the cybersecurity in healthcare organizations like the hospital I work for because they will need to be prepared and savvy to block the attack or know the tools/steps necessary to do so.”The findings come alongside verification that attacks on healthcare organizations are growing at a faster rate than other industry sectors. Experts believe this is due to a number of factors within the threat actor ecosystem.One key motivator is the belief that healthcare organizations are more likely to pay out a ransom demand without the need for a prolonged negotiation because of the sensitive nature of medical records and potential for catastrophic fallout should those records be released in plain text.Additionally, there is reportedly a shift in the culture of ransomware developers and operators. Whereas previous generations of malware gangs upheld an unspoken rule against targeting critical organizations such as hospitals and medical providers, a new generation of cybercrooks appears to have no qualms with targeting healthcare organizations with threats of service disruption and loss of records.Going forward, cybersecurity professionals believed that defenders will need to respond to the sophisticated attacks by advancing their own tools and systems.“The future will be more digital, and AI will become the main force in disease prediction, patient management, etc.,” said one respondent.“The number of cyberattacks may increase after adopting more digital technologies.”