Trustwave SpiderLabs Exposes Unique Cybersecurity Threats in the Public Sector. Learn More

Trustwave SpiderLabs Exposes Unique Cybersecurity Threats in the Public Sector. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
SpiderLabs Blog

Cybersecurity in the Healthcare Industry: Trustwave SpiderLabs Report

In their latest report titled "Cybersecurity in the Healthcare Industry: Actionable Intelligence for an Active Threat Landscape," the Trustwave SpiderLabs team reveals the data from a months-long investigation focusing on the cyber threats the healthcare industry is currently grappling with.

The report presents a comprehensive roadmap that highlights the attack methodologies employed by threat actors, offering valuable insights on how organizations can safeguard themselves against specific types of attacks. SpiderLabs' research sheds light on the evolving and significant threats confronting the healthcare sector, while also providing a detailed analysis of the attack flow utilized by threat groups to execute successful cyberattacks.

SpiderLabs found that attackers often employ multiple vectors to target healthcare organizations persistently. While the technical aspects of these attacks may change over time, the underlying tactics tend to remain consistent. Traditional methods such as phishing emails, exploiting known vulnerabilities, and compromising third-party vendors continue to pose significant threats, which threat actors steadily improve to remain useful and dangerous.

A 2022 U.S. Department of Health and Human Services report spells out the danger noting attackers breached more than 28.5 million healthcare records in 2022, up significantly from just a few years earlier when 21.1 million records in 2019.

Stolen data, while important, pales in comparison to the primary danger attacks pose, patient health. Ransomware and Distributed Denial of Service (DDoS) attacks can impair a hospital’s ability to care for its patients by locking life-sustaining medical systems or denying physicians access to critical records.

Initial Findings

The Trustwave SpiderLabs team found threat groups gaining access often using valid access credentials, unsecured credentials, and Webshells. In addition to using credentials, SpiderLabs researchers noted a variety of specific vulnerabilities being used to gain initial entry, including Apache Log4J (CVE-2021-44228) and Spring Core RCE (CVE-2022-22965) and among the most active ransomware gangs being LockBit and ALPHV/BlackCat.

The highest-profile emerging threat detailed in the report is Generative AI and Large Language Models (LLM), such as ChatGPT, and the danger these pose specifically to healthcare organizations. While AI isn’t new, the advances made in Generative AI and LLMs are setting new benchmarks for what’s possible for healthcare organizations and for both adversaries and defenders. For healthcare, the risks are further heightened due to the sensitive nature of the data potentially being shared with these tools.

The report also takes a deep dive into prominent threats such as ransomware and supply chain exposure specific to this industry. The data points uncovered by SpiderLabs include the threat groups active in this space, the type of malware and tactics employed, and how to mitigate risk.

Trustwave SpiderLabs also extensively looks at how a cyberattack transpires and does so across numerous attack vectors such as business email compromise (BEC), ransomware, and Denial of Service attacks.

For each threat category, the report shows how threat groups:

  • Gain an initial foothold in a system
  • Down the initial payload
  • Move laterally through a system
  • Types of malware employed
  • Exfiltrate and operate post-compromise.

Although the healthcare industry isn’t alone in facing an elevated threat landscape, the consequences of attacks in this sector can be severe and potentially fatal. Attackers are highly motivated by financial gains and continually adapt their methods to outpace defenses, so it is imperative for healthcare organizations and their staff to be constantly on guard and prepared to deal with the myriad of attack groups, malware variants, and techniques in use.

Upcoming Webinar

BTW_20247_picture1

For further details on the report and SpiderLabs’ findings please join us on July 18 at 9:30 am CDT | 3:30 pm BST for the webinar Securing the Healthcare Industry: Actionable Intelligence for an Active Threat Landscape.

Shawn Kanady, Trustwave Director of SpiderLabs Threat Hunting, and Karl Sigler, Trustwave Senior Security Research Manager of SpiderLabs Threat Intelligence will discuss the findings and answer questions from the audience. Register Here.

Latest SpiderLabs Blogs

Important Security Defenses to Help Your CISO Sleep at Night

This is Part 13 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts. The full series can be found here.

Read More

2024 Public Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies

Trustwave SpiderLabs’ 2024 Public Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies report details the security issues facing public sector security teams as...

Read More

How to Create the Asset Inventory You Probably Don't Have

This is Part 12 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts. The full series can be found here.

Read More