The US healthcare sector is now reeling from a seemingly never-ending series of cyberattacks. The problem is becoming so dire that there is growing concern that it may even spark a genuine healthcare crisis. The recent ransomware attack on Kettering Health, for example, which operates 14 hospitals and over 120 medical facilities in Ohio, is merely the latest volley in a remorseless wave of cyberattacks on the cash-rich sector.
At the start of this year Cyber Intelligence predicted that attacks on the sector would gather pace, following a devastating round of widespread cyberattacks on US medical facilities in 2024, when 84 percent of US healthcare organizations experienced a cyberattack, with 70 percent being forced to deal with financial damages resulting from cyber incidents. Additionally, 21 percent reported a change in leadership due to the attacks.
During the first half of this year, the cybercrime industry’s assault on the sector has continued apace. And it is not only medical services that are being disrupted. Highly organized cybercriminal groups, generally based outside the US, are now also targeting patients, with an estimated 14 million patients impacted by data breaches last year alone. With Kettering Health’s data now severely compromised by the attack, patients are being warned to be wary of unsolicited calls, and Kettering Health temporarily suspended outgoing calls to patients directly following the attack.
Healthcare is a latecomer to the game
One of the main reasons that the US healthcare sector has been caught napping by cybercriminals in a way that the financial services sector has not is that healthcare is a latecomer to the game of cat and mouse played by cybercriminal groups. Only a few years ago, cybercriminal gangs were still attempting to paint themselves as 21st century Robin Hoods and generally made a point of avoiding attacking healthcare facilities. At the same time, attacking major banks and other financial institutions was regarded by many naïve members of the public as a largely victimless crime.
This forced financial institutions to invest heavily in fortifying their cyber defences, while healthcare concentrated on patient care and business operations. Healthcare also invested heavily in new digital technologies designed to interact with patients to save physicians’ time and cut costs. This widening customer interface has become a broad attack surface now being ruthlessly exploited by cybercriminal groups. Nefarious Mantis, for example, the group widely believed to be behind the Kettering Health attack, is known for targeting US healthcare organizations and deploying ransomware after gathering intelligence inside the networks.
This period, when the attacker is inside the system without the knowledge of the victim organization, is known as ‘dwell time’. In the case of the poorly defended US healthcare sector, this enables cybercriminal groups not only to uncover weaknesses and lift critical data but also to track patient records. As the 2015 attack on Ashley Madison, a dating site favoured by married cheaters, evidences, exposing individuals’ sexual histories is effectively a blackmailer’s charter. Sadly, healthcare facilities invariably hold a wealth of potentially damaging information on their patients’ sexual histories, leaving their customers open to the vilest kind of sextortion.