Healthcare cybersecurity risks were analyzed in a recent report by Trustwave. The healthcare industry has faced a number of recent cyberattacks and new cybersecurity risks. 

According to the report, artificial intelligence (AI) and generative AI carry unique implications and risks because of the sensitive nature of the data that may be shared with these tools. Additionally, ransomware has become a growing threat following hospital ransomware attacks.

According to the report, the following risks were unique to the healthcare industry:

  • Custom applications: Healthcare organizations rely heavily on custom applications that often lack adequate security testing and code auditing, leading to undiscovered vulnerabilities.
  • Third-party reliance: Healthcare entities commonly engage with numerous third parties, which expands the number of endpoints and users involved and contributes to a growing threat surface.
  • Internet of Things: The healthcare industry typically has a higher number of connected physical devices, such as heart monitors and imaging hardware, which often prioritize functionality over software security.
  • Compliance: Healthcare organizations are often hesitant to implement changes quickly due to concerns about compliance with oversight agencies and compatibility issues with existing software and hardware.
  • Patient care: The focus on patient safety and avoiding unexpected disruptions, like system crashes, leads healthcare organizations to be more cautious about adopting software patches or making changes that could jeopardize patient care.

Prevalent threat actors and threat tactics operating across healthcare

Threat actors

  • LockBit 3.0
  • ALPHV/BlackCat
  • Clop
  • DMA Locker
  • Royal
  • Babuk
  • Magniber
  • Black Basta
  • RansomHouse

Threat tactics

  • Phishing/BEC
  • Vulnerability exploitation
  • Logging in with valid credentials (unsecured, default, low complexity or purchased)
  • Existing tools (PowerShell, LOLBins)
  • Webshells and stolen sessions
  • Malware (infostealers, RATs, ransomware)
  • DDoS

The full report is available here