Cyber Threats Escalate Against Healthcare

Published by The Daily Scout

What happened

State-sponsored actors like the Lazarus Group are now deploying Medusa ransomware against healthcare providers, indicating more scalable extortion campaigns. The sector also faces significant third-party risk, exemplified by a breach at Vicor Scientific that exposed 140,000 medical records through a vendor. Concurrently, generative AI is being used by less-skilled attackers to compromise enterprise firewalls, lowering the barrier for large-scale cyberattacks.

Why it matters

- The North Korean state-sponsored Lazarus Group, previously known for the 2014 Sony Pictures hack and the 2017 WannaCry ransomware attack, has a history of financially motivated cybercrime to circumvent international sanctions.
- Medusa ransomware operates on a Ransomware-as-a-Service (RaaS) model, where affiliates use the malware in exchange for a share of the profits, a structure that has enabled over 366 claimed attacks since its emergence in 2023.
- The breach at Vicor Scientific originated with one of its vendors, Catalyst RCM, a revenue cycle management company; the Everest ransomware group claimed responsibility and leaked the stolen data after a ransom was not paid.
- Compromised data from the Vicor Scientific vendor breach included patient names, dates of birth, diagnoses, medical treatment history, health insurance information, and payment card details with access codes.
- Ransomware attacks have a direct impact on patient care, with one survey showing they can lead to longer hospital stays, delays in medical procedures, and an increase in patient mortality rates.
- Third-party vendors are a significant weak point; in 2023, 58% of all individuals impacted by healthcare data breaches were affected through an attack on a business associate or vendor.
- The healthcare sector is the most targeted industry for third-party breaches, accounting for 41% of such incidents in 2024.
- Generative AI has led to a 1,200% increase in phishing attacks since late 2022, as it allows attackers to create customized phishing campaigns and malicious payloads at a large scale.

Key numbers

  • The sector also faces significant third-party risk, exemplified by a breach at Vicor Scientific that exposed 140,000 medical records through a vendor.
  • The North Korean state-sponsored Lazarus Group, previously known for the 2014 Sony Pictures hack and the 2017 WannaCry ransomware attack, has a history of financially motivated cybercrime to circumvent international sanctions.
  • Medusa ransomware operates on a Ransomware-as-a-Service (RaaS) model, where affiliates use the malware in exchange for a share of the profits, a structure that has enabled over 366 claimed attacks since its emergence in 2023.
  • Third-party vendors are a significant weak point; in 2023, 58% of all individuals impacted by healthcare data breaches were affected through an attack on a business associate or vendor.

