Many Cloud Attacks End in Financial Loss for Healthcare Sector

November 15, 2022 - Numerous cloud attacks are successfully exploiting the healthcare sector for financial gain, according to a newly released 2022 Cloud Security Report by cybersecurity vendor Netwrix.

Cloud infrastructure has become an integral part of daily workloads for millions of organizations worldwide, the press release stated.

In recent years, healthcare cloud adoption has steadily increased with the current drive toward digital transformation. Following this increase, 73 percent of healthcare organizations who use cloud infrastructure store sensitive data there, which puts the infrastructure at risk for attacks.

"Healthcare organizations plan to increase the share of their workload in the cloud from 38 percent to 54 percent by the end of 2023,” Dirk Schrader, vice president of security research at Netwrix, said in a public statement.

“Fast cloud adoption should be accompanied by relevant security measures and special attention to internet-of-things (IoT) devices and systems; for example, compromise of respirators or IV infusion devices can lead to physical harm to patients," Schrader said.

According to the report, 61 percent of respondents within the healthcare sector experienced an attack on their cloud infrastructure during the last 12 months, compared to 53 percent for other industries.

Specifically, phishing, ransomware, and malware attacks were the most common cloud security incidents healthcare organizations faced.

"The healthcare sector is a lucrative target for attackers because the chances of success are higher. The first two years of the pandemic exhausted the industry,” Schrader said in a public statement.

Compared to other industries, a cloud attack on the healthcare sector is twice as likely to result in financial consequences.

Only 14 percent of healthcare organizations that experienced an attack stated it had no impact, but 32 percent across other verticals stated the same.

“With patient health being the main priority for these organizations, IT security resources are often too stretched and are focused on maintaining only the most necessary functions,” Schrader continued. “Plus, the high value of data gives cyber criminals better opportunities at a financial gain: They can either sell stolen sensitive medical information on the dark web or extort a ransom for 'unfreezing' the medical systems used to keep patients alive."

Additionally, unexpected expenses to cover security gaps and compliance fines are the most common types of damage that the healthcare sector faces after a cyberattack.

"Network segmentation will help prevent one compromised device from impacting the entire system. IT teams must also strictly limit who — humans and machines — can access what data and systems according to the least-privilege principle, and regularly review and right-size those access rights," said Schrader.

Recently, the Cloud Security Alliance (CSA) released guidance warning healthcare organizations about the growing threat of ransomware in the healthcare cloud.

"Due to the nature of public cloud, where the underlying infrastructure is secured and managed by the cloud service provider, many customers incorrectly assume that the threat of ransomware in the cloud is less than in a private data center," the 2021 report stated.

"However, cloud services rely on the synchronization of data, and if ransomware encrypted data enters the synchronization process, data will run the risk of being propagated in the cloud. At this point, cloud applications become complicit in spreading the malware."