H-ISAC and Booz Allen Hamilton released a report and survey outlining the top cyber threats concerning healthcare executives in today’s sophisticated cyber threat landscape.

H-ISAC surveyed cybersecurity, IT, and non-IT executives and found no significant differences between the disciplines when the experts were asked to rank the top five greatest cybersecurity concerns facing their organizations in 2021 and 2022.

Ransomware deployment was the top-rated concern, followed by phishing and spear-phishing, third-party breaches, data breaches, and insider threats.

The report noted that over the past decade, the healthcare industry has improved interconnectivity and data accessibility. However, those technological advancements came at the cost of security in many cases.

“The healthcare industry is especially at risk due to the value of sensitive personally identifiable information (PII) housed within systems, an increase on the Internet of Medical Things (IoMT), insufficient cybersecurity protection, the need for data transparency, and ineffective employee awareness training,” the report noted.

“Often, healthcare providers rely on legacy systems; outdated computer systems that are still in use and provide less protection and increased susceptibility for an attack.”

In addition, the COVID-19 pandemic heightened risk due to an increase in remote work and the value of vaccine research and data.

Meanwhile, nation-state threat actors are increasing their attacks in severity and scope. The report pointed to Chinese and Russian nation-state threat actors as top threats in 2021 and going into 2022.

“With many nations making efforts to move beyond the pandemic, we assess that nation-state activity against healthcare will increase, especially with changes in strategic priorities around the globe,” the report continued.

“Tensions between Russia and Ukraine, as well as Chinese activity regarding Taiwan, are examples of nation-states returning to standard geopolitical strategies, which will reflect in cyberspace.”

Researchers predicted that Ransomware-as-a-Service (RaaS) will continue to be used and will become the most popular operating model for cybercriminals. In addition, threat actors will continue to look for vulnerabilities in medical devices due to the fact that most are on legacy systems.

“Due to the huge growth in cybercrime and large ransomware payouts, sophisticated and organized criminal groups will be able to invest heavily into R&D and develop new ways to conduct automated and effective scams,” the report predicted.

“The criminals will leverage machine learning, artificial intelligence and deep fakes to perpetrate efficient and effective criminal campaigns.”

Additionally, H-ISAC and Booz Allen Hamilton predicted that supply chain attacks would continue to increase considering the successful breaches of Kaseya and SolarWinds.

To mitigate threats, H-ISAC recommended that healthcare organizations implement network segmentation, endpoint security, and access controls. Healthcare executives should also adopt a layered defense approach within their organizations and utilize data backups as well as prevention and detection technologies.

As seen in HealthITSecurity: https://healthitsecurity.com/news/h-isac-report-identifies-top-cyber-threats-concerning-healthcare-execs