Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Trustwave SpiderLabs Research: Cybersecurity in the Healthcare Industry

 

The Trustwave SpiderLabs team conducted a months-long investigation into the cyber threats facing the healthcare industry and has provided a roadmap displaying how threat actors conduct an attack, methodologies used, and what organizations can do to protect themselves from specific types of attacks.

In the new report: Cybersecurity in the Healthcare Industry: Actionable Intelligence for an Active Threat Landscape, SpiderLabs researches and explains the emerging and prominent threats facing the healthcare industry and breaks down the attack flow threat groups rely upon to conduct a successful attack.

Attackers often employ multiple vectors to target healthcare organizations persistently. While the technical aspects of these attacks may change over time, the underlying tactics tend to remain consistent. Traditional methods such as phishing emails, exploiting known vulnerabilities, and compromising third-party vendors continue to pose significant threats, which threat actors steadily improve to remain useful and dangerous.

A 2022 U.S. Department of Health and Human Services report spells out the danger noting attackers breached more than 28.5 million healthcare records in 2022, up significantly from just a few years earlier when 21.1 million records in 2019.

Stolen data, while important, pales in comparison to the primary danger attacks pose, patient health. Ransomware and Distributed Denial of Service (DDoS) attacks can impair a hospital’s ability to care for its patients by locking life-sustaining medical systems or denying physicians access to critical records.

Initial Findings

The Trustwave SpiderLabs team found threat groups gaining access often using valid access credentials, unsecured credentials, and Webshells. In addition to using credentials, SpiderLabs researchers noted a variety of specific vulnerabilities being used to gain initial entry, including Apache Log4J (CVE-2021-44228) and Spring Core RCE (CVE-2022-22965) and among the most active ransomware gangs being LockBit and ALPHV/BlackCat.

The highest-profile emerging threat detailed in the report is Generative AI and Large Language Models (LLM), such as ChatGPT, and the danger these pose specifically to healthcare organizations. While AI isn’t new, the advances made in Generative AI and LLMs are setting new benchmarks for what’s possible for healthcare organizations and for both adversaries and defenders. For healthcare, the risks are further heightened due to the sensitive nature of the data potentially being shared with these tools.

The report also takes a deep dive into prominent threats such as ransomware and supply chain exposure specific to this industry. The data points uncovered by SpiderLabs include the threat groups active in this space, the type of malware and tactics employed, and how to mitigate risk.

Trustwave SpiderLabs also extensively looks at how a cyberattack transpires and does so across numerous attack vectors such as business email compromise (BEC), ransomware, and Denial of Service attacks.

For each threat category, the report shows how threat groups:

  • Gain an initial foothold in a system
  • Down the initial payload
  • Move laterally through a system
  • Types of malware employed
  • Exfiltrate and operate post-compromise.

Although the healthcare industry isn’t alone in facing an elevated threat landscape, the consequences of attacks in this sector can be severe and potentially fatal. Attackers are highly motivated by financial gains and continually adapt their methods to outpace defenses, so it is imperative for healthcare organizations and their staff to be constantly on guard and prepared to deal with the myriad of attack groups, malware variants, and techniques in use.

Webinar

BTW_20247_picture1

For further details on the report and SpiderLabs’ findings please join us on July 18 at 9:30 am CDT | 3:30 pm BST for the webinar Securing the Healthcare Industry: Actionable Intelligence for an Active Threat Landscape.

Shawn Kanady, Trustwave Director of SpiderLabs Threat Hunting, and Karl Sigler, Trustwave Senior Security Research Manager of SpiderLabs Threat Intelligence will discuss the findings and answer questions from the audience. Register Here.

 

Latest Trustwave Blogs

Mining Operations: Critical Cybersecurity Threats & Trends Revealed

Cybersecurity professionals often point out that threat actors do not differentiate when choosing a victim. To an attacker, a hospital is as useful a target as a law firm or even a mining operation....

Read More

Phishing: The Grade A Threat to the Education Sector

Phishing is the most common method for an attacker to gain an initial foothold in an educational organization, according to the just released Trustwave SpiderLabs report 2024 Education Threat...

Read More

Unlocking Cyber Resilience: UK’s NCSC Drafts Code of Practice to Elevate Cybersecurity Governance in UK Businesses

In late January, the UK’s National Cyber Security Centre (NCSC) issued the draft of its Code of Practice on Cybersecurity Governance. The document's goal is to raise the profile of cyber issues with...

Read More