Search engine giant Google's Threat Intelligence Group reports that cybercriminal and state-backed cyber-attacks on the healthcare sector in countries such as the US and UK have escalated to a level where they are actually costing lives.
“Healthcare’s share of posts on data leak sites has doubled over the past three years, even as the number of data leak sites tracked by Google Threat Intelligence Group has increased by nearly 50% year over year. The impact of these attacks means that they must be taken seriously as a national security threat, no matter the motivation of the actors behind it,” says Google.
Google reports that studies from academics and internal hospital reviews show that the disruption from ransomware attacks has already led to life-threatening consequences for patients. Disruptions from cyber-attacks can impact not only individual hospitals but also the broader healthcare supply chain, and cyber-attacks on companies that manufacture critical medications and life-saving therapies can have far-reaching consequences worldwide.
Healthcare cyber-attacks now cost lives
For example, UK National Health Service data illustrates how a June 2024 ransomware incident at a contractor led to multiple cases of “long-term or permanent impact on physical, mental or social function or shortening of life-expectancy,” with more numerous cases of less severe effects.
Google warns that the situation has now reached a point where governments must recognize cybercrime as a pernicious national security threat and allocate resources accordingly. This includes prioritizing intelligence collection and analysis on cybercriminal organizations, enhancing law enforcement capacity to investigate and prosecute cybercrime, and fostering international cooperation to dismantle these transnational cybercriminal networks.
Crossover between cybercrime and rogue states
Google also reports ongoing cooperation between organized cybercriminal gangs and rogue nation-states such as Russia, China, North Korea and Iran. For example, Russia has drawn on criminal capabilities to fuel cyber support for its war in Ukraine. GRU-linked APT44 (aka Sandworm), a unit of Russian military intelligence, has employed malware available from cybercrime communities to conduct espionage and disruptive operations in Ukraine. Conversely, CIGAR (aka RomCom), a group that historically focused on cybercrime, has conducted espionage operations against the Ukrainian government since 2022.
Google argues that a hospital disrupted by a state-backed group and a hospital disrupted by a financially motivated group using ransomware have the same impact on patient care. Likewise, sensitive data stolen from an organization and posted on a data leak site can be exploited by an adversary in the same way as data exfiltrated in an espionage operation.