Reading:
Increased Healthcare Security Breaches in 2022

Increased Healthcare Security Breaches in 2022

November 11, 2022

Data from the US government shows that there has been a significant increase in healthcare security breaches

At least 125 data breaches of healthcare organizations have been reported since the beginning of April, according to a list compiled by the US Department of Health and Human Services (HHS). 

The US Health Department Warns of Venus Ransomware 

The United States Department of Health and Human Services (HHS) issued a warning that healthcare organizations across the nation are being targeted by Venus ransomware

report from The Health Sector Cybersecurity Coordination Center (HC3) states that there has been at least one incident of Venus ransomware being used to attack the networks of US healthcare organizations, and there are no data leak sites linked to the Venus ransomware affiliates. 

“The operators of Venus ransomware are not believed to operate as a ransomware-as-a-service (RaaS) model, and no associated data leak site (DLS) exists at this time.” 

Active Ransomware Threats in Healthcare

Venus Ransomware has been active worldwide since it was first recognized in August 2022. It is known to spread through hacking into Windows devices’ exposed remote desktop services.

The same method has been employed by the Quantum ransomware group of Quantum Locker operations, which also targets healthcare organizations.

In June, Quantum began their Jormungandr campaign, their version of BazarCall; this technique involves emailing victims for phishing. After convincing the victim to participate in a remote access session, they collect information from the system they can use to infect it. Quantum affiliates have impersonated numerous brands with this technique, including CrowdStrike and Oracle

Professional Finance Company Inc (PFC) disclosed in a data breach notification that a Quantum ransomware attack from late February resulted in a data breach that affected 657 healthcare organizations

Quantum attacked New Jersey Healthcare’s network in July and demanded a ransom of $500,000 in exchange for the information they stole. The group also attacked Interim Healthcare around the same time and a biopharmaceutical company and clinic in June. 

Another thing to note is that according to the HHS Cybersecurity Program, listed below are the RaaS groups that targeted the healthcare industry the most: 

The Most Expensive Industry: Healthcare

According to the IBM Cost of a Data Breach Report in 2022, healthcare breach costs have risen by 41.6% since the 2020 report, making it the most expensive sector for the past 12 years.

The average total cost of a healthcare breach increased from $9.23 million in the report from 2021 to $10.10 million in 2022, an increase of $0.87 million or 9.4%.

The US government sees healthcare as critical infrastructure, making it one of the more highly regulated industries.

Threat actors obtain the most valuable data from healthcare breaches.
Threat actors obtain the most valuable data from healthcare breaches. (Source: IBM)

Researches show that healthcare organizations need to spend more money to strengthen their defenses against cyberattacks. 

Some industries allocate between 10% and 15% of their IT budgets to cybersecurity. According to the HIMSS survey, healthcare organizations typically spend at most 6% of their IT budgets on cybersecurity. 

Medibank Data Theft as a Recent Case 

Last month, an Australia-based private insurance provider named Medibank received a ransom demand from unidentified hackers but declined to pay. The threat actor has published customer data believed to have been taken from Medibank’s systems on a dark web forum. 

Personal information like names, addresses, dates of birth, phone numbers, email addresses, Medicare numbers for ahm customers (without expiration dates), and occasionally passport numbers for our international students (also without expiration dates) are included in this data.

According to AFP Commissioner Reece Kershaw’s statement: 

“The AFP will consult with Russian law enforcement regarding the suspects because it thinks those behind this cybercrime are in Russia.“

Additional Healthcare Incidents 

Federal authorities in the United States have issued warnings about additional ransomware attacks this year aimed at healthcare organizations nationwide.

  • Previous alerts have included cautions about threat actors using the ransomware payloads Maui and Zeppelin to attack Healthcare and Public Health (HPH) organizations.
  • FBI, CISA, and HHS warned last month about how the HPH sector is being targeted by ongoing ransomware attacks by a cybercrime organization known as Daixin Team
  • Yuma Regional Medical Center in Arizona recently revealed that it had been the target of a ransomware attack that exposed the data of 700,000 people
  • A Quincy-based business claimed in a statement that personal medical information, including names, Social Security numbers, addresses, insurance details, details of medical procedures, and more, was accessed. According to the Office for Civil Rights at the US Department of Health and Human Services, two million people are reportedly impacted by the hacking incident. 
  • In a breach notification to the Maine Attorney General, Partnership HealthPlan of California (PHC) acknowledged that attackers had possibly stolen the protected health information of 854,913 current and former health plan members. Allegedly 400 GB of files were stolen by the Hive ransomware gang. Threat actors momentarily uploaded a sample to their data leak site. 
  • Keystone Health is informing 235,237 patients in Pennsylvania about an incident that was reported on its website. An investigation revealed that an unauthorized person accessed files on their system. Some of those files included names, Social Security numbers, and clinical data related to patients.