2023-12-06 09:57:44
by Ruggiero Corcella
Reports are also increasing in our country, both in the public and private sectors. Hackers usually try to block systems and then demand a monetary ransom
Expert analyzes agree: healthcare is increasingly the object of desire by cyber criminals. In Italy, the latest attack in chronological order, but also in terms of severity, occurred on 28 November against the local health authority, the Modena University Hospital and the Sassuolo hospital, causing serious disruption to medical services and putting the security of sensitive patient data at risk. patients.
Not that things are better abroad, on the contrary. In the United States, according to the Hipaa Journal (a specialist newspaper that deals with news on the Health Insurance Portability and Accountability Act, the US privacy law), on 1 December the Corewell Health group suffered the fourth most serious data breach of the 2023 with the exposure of 28.5 million health records belonging to 1 million patients.
In the first six months of 2023, the scenario of cyber attacks against the healthcare sector showed worrying trends, reflecting the global situation. It is once again confirmed as the second most coveted target by cyber criminals, with 14.5% of total attacks compared to 12.2% in 2022 (it represented 10.4% in 2018), says Sofia Scozzari, CEO & Founder of Hackmanac, of the Clusit and Women For Security Steering Committee)
More than 200 accidents
According to the findings of Report Clusit 2023in the first half of the year there were 200 successful and public incidents at a global level that affected the healthcare sector and occurred mainly due to cybercriminal activities (98%), with a very small share of Hacktivism (2%).
Considering the attack techniques that are most used, the use of malware increases, going from 32% of the total incidents in 2022 to 35% – Scozzari specifies -. Malicious software, with particular reference to the growing threat of ransomware, undermines the “Unknown” techniques which last year represented 45% of attacks against this sector, while this year they drop to 34%. This is followed by the exploitation of vulnerabilities (16% of the total), including zero-days, i.e. problems that are not yet known for which there is no remedy. Finally, other techniques used to a lesser extent concern account hacking (8%), social engineering and phishing (3%) and DDoS (2%).
The most targeted countries: USA and Europe in the first two places
As usual, the attacks are mainly concentrated on American territory (84% of the total incidents), a factor strongly influenced by the historical presence of regulations that oblige the disclosure of cyber incidents. Europe, the second most targeted continent, appears to be slightly decreasing in the first six months of the year (from 11% in 2022 to 8%), while attacks towards Asia doubled (from 2% to 4% ). However, the situation is relatively stable with regards to Oceania, Africa and multiple locations.
Il Report Enisa
Confirmation of the increase in IT incidents affecting healthcare also comes from Report published in July 2023 by the European Union Agency for Cybersecurity (Enisa). The European healthcare sector has suffered a significant number of incidents (53%). Hospitals, in particular, bore the brunt, with 42% of incidents reported. Additionally, health authorities, institutions and agencies (14%) and the pharmaceutical industry (9%) were targeted.
Ransomware, which encrypts data and holds it hostage until a ransom is paid, has emerged as a major threat in healthcare (54% of incidents). Patient data, including electronic health records, were the most targeted assets (30%). Alarmingly, nearly half of all incidents (46%) aimed to steal or disclose healthcare organizations’ data.
Disruptions in patient care
Also the report data Cyber Insecurity in Healthcare: The Cost and Impact on Patient Safety and Care 2023– by Ponemon Institute, one of the main research organizations on cybersecurity, and Proofpoint, on the effects of cybersecurity in the US healthcare sector, found that 88% of the healthcare companies interviewed have suffered an average of 40 attacks in the last 12 months, with an average total cost of $4.99 million, up 13% from the previous year.
Among companies that experienced the four most common types of attacks – cloud compromise, ransomware, supply chain compromise and business email compromise (BEC) – 66% experienced disruptions to patient care. Specifically, 57% reported poor outcomes due to delays in procedures and tests, 50% reported increased complications in medical processes, and 23% reported increased patient mortality rates. These numbers mirror last year’s findings, indicating that healthcare organizations have made little progress in mitigating the risks of attacks on patient safety and health.
Serious consequences
The most worrying aspect concerns the severity of the impacts. In the first half of the year, 79% of attacks on the healthcare sector had serious or very serious impacts, compared to 71% in the previous year, highlighting an increasingly dangerous trend – underlines the expert -. In particular, attacks with critical severity are growing, which at this point represent over a third of the total (33%). However, attacks with high severity were substantially stable, while medium impacts lost 7 percentage points.
Extortion and paid hackers
Cyber attacks show no signs of abating. According to the analysis of the first 6 months of 2023 carried out by Cisco Talos, the largest private intelligence organization in the world dedicated to cybersecurity, the majority of attacks had extortion as their final aim. The most used technique was to steal sensitive data from companies, demanding a large sum of money under the threat of handing over that same data to the dark web. Another growing phenomenon is that of paid hackers, criminals who market their illegal services by offering various attack tools. Not only. Cisco Talos also detected new realities: cyber mercenary groups, espionage campaigns, supply chain attacks and new tools as a service.
Corriere della Sera also on Whatsapp. sufficient click here to subscribe to the channel and always be updated.
December 6, 2023 (modified December 6, 2023 | 08:36)
© ALL RIGHTS RESERVED
#stolen #data #interrupted #assistance #USA #higher #mortality #time.news