Cyberattacks Threats and Trends

Navigating the Complexities of Cyber Attacks in 2023 and Emerging Trends in Cybersecurity?

In the wake of rapid technological advancement, particularly in the healthcare sector, the cybersecurity landscape throughout?2023 underwent a seismic shift. Unfortunately, this trend looks set to continue through 2024. ?

2023 witnessed an alarming surge in cyber threats, leaving organizations grappling with multifaceted challenges posed by malicious threat actors seeking to exploit vulnerabilities for financial gain. As a result, organizations lost trillions of dollars through business interruptions, forensic investigation, and restitution costs. However, many of these victims remain vulnerable and are exposed to costly future data breaches because they failed to address underlying security vulnerabilities.?

It appears that lessons remain unlearned, and cyberattack victims merely meet the minimum standards to appease regulators and cyber risk insurers without significantly enhancing security or preventing subsequent breaches. Regrettably, the mentality of "good enough for government" seems to have permeated healthcare executive leaders. The reality is that cyber risk constantly evolves, with threats changing daily. In healthcare, the threat landscape transforms daily with the continual addition of connected devices to networks. Without a deep understanding of risks, defending against an inevitable cyberattack becomes unfeasible.

So, what did this year look like from a numbers perspective?

Trends in Cybersecurity 2023

The past twelve months have unraveled a series of unprecedented challenges, with cyber attackers relentlessly targeting hospitals worldwide. The healthcare sector, already burdened with the critical responsibility of patient safety and safeguarding sensitive patient data, found itself under increased siege from sophisticated cybercriminals. These threat actors, continuously evolving their tactics, have intensified their assaults, making the need for robust cybersecurity measures an urgent imperative.

Alarming Statistics and Impact Analysis

The statistics paint a daunting picture. The U.S. Department of Health and Human Services’ breach portal starkly revealed the staggering impact of healthcare cyber breaches, affecting over 83 million people’s protected health information (PHI) by November 2023. ?A recent interview with John Riggi, cybersecurity adviser for the American Hospital Association, underscored the gravity of the situation. John shared that more than 100 million Americans had been impacted by healthcare cyberattacks in 2023 compared to 44 million in 2022. This marks an alarming concern in escalation compared to previous years. ?

During these tumultuous times, insights from industry reports and analyses serve as guiding beacons. Check Point’s comprehensive findings reinforced this disconcerting reality, revealing that healthcare was the third most targeted sector by attackers in 2023 and the fifth most impacted by ransomware overall. Notably, an earlier report by Check Point found that the first half of 2023 witnessed an alarming 18% surge in healthcare cyberattacks compared to the corresponding period the previous year. In addition, the financial implications of cybercrime have reached unprecedented heights. A November study by Statista highlighted the staggering estimated cost of cybercrime globally in 2023, which soared to a monumental $8.15 trillion, nearly tripling 2020 figures. ?

Economic Implications and Future Forecasting

These numbers, when juxtaposed with the GDP of leading economies, highlight the alarming magnitude of cybercrime’s economic impact, rivaling the economic prowess of all but two countries worldwide. December figures released in Forbes India show that the U.S. economy is worth around $26 trillion, followed by China at $17 trillion, then Germany, with an economy sized at around $4 trillion. ?

Findings released earlier this year by IBM also emphasized the financial tolls of cyber incidents, revealing the global average cost of a breach in 2023 was $4.45m, a substantial 15% increase compared to 2020. The study also found that following a data breach, more than half (51%) of organizations are planning to increase security investments and that organizations that extensively use AI and automation within their security processes saved $1.76m compared to those that don’t. This provides a compelling incentive for organizations to integrate these technologies into their cybersecurity frameworks.?

To further complicate the threat landscape for healthcare delivery organizations (HDOs), the number of IoT devices in healthcare environments is increasing drastically, making attack surfaces bigger and more complex and giving cybercriminals more potential routes of access. Forecasts from Statista revealed that the number of IoT devices connected to endpoints is estimated to reach 15.14 billion in 2023. This figure is projected to surge to a staggering 29.42 billion by 2030, accentuating the urgency for fortified cybersecurity measures to counter the ever-evolving cyber threats.

The key cyberattacks in 2023

In the last 12 months, data breaches and cyberattacks have affected countless hospitals and healthcare centers in this tumultuous cyber landscape. Here are three of the most impactful incidents:

1. MOVEit Transfer Hack – The MOVEit Transfer software is a crucial tool used by thousands of organizations worldwide to safely move and share large quantities of sensitive data. In May, Progress, the company that makes the software, revealed a critical zero-day vulnerability in the program. In the following weeks and months, hackers executed breaches impacting organizations across various sectors globally, resulting in tens of millions of pieces of data being stolen and leaked online. Notably, government contractor Maximus and the Colorado Department of Healthcare Care Policy and Financing suffered massive breaches. The Maximus breach resulted in 11 million people’s healthcare information being compromised, including social security numbers. The Colorado Department of Health Care Policy and Financing’s attack exposed more than 4 million sensitive records, thus making the MOVEit Transfer breaches by far the largest in 2023.
2. HCA Healthcare Data Breach – One of the largest healthcare cyberattacks involved HCA Healthcare, the biggest private healthcare provider in America. The breach impacted more than 11 million people across 20 States in the U.S., with highly sensitive information, including patient names, partial addresses, and appointment information being stolen. The hospital learned of the breach in early July, later telling the media that it had been caused by an “external storage location exclusively used to automate the formatting of email messages” being compromised.
3. Ardent Health Services (AHS) – In November, half a dozen hospitals belonging to AHS were hit with a critical ransomware attack. The breach caused huge disruption over the Thanksgiving holidays and resulted in Ardent taking its network offline. Immediately after the attack, the organization stated that it would be “suspending all user access to its information technology applications, including corporate servers, Epic software, internet, and clinical programs.” The breach impacted hundreds of thousands of patients across many sites.?

Challenges and the Path Forward

2023 was extremely difficult for healthcare delivery organizations from a cybersecurity standpoint. The number of attacks has risen, attack surfaces have expanded, and the number of patients and staff affected by breaches has reached its highest level in history. The 2024 forecast remains grim as these issues are unlikely to change, particularly with emerging technologies such as AI and deepfakes providing attackers with new avenues to breach organizations and compromise data. ?

However, amidst these challenges lie opportunities for proactive measures. Healthcare organizations can fortify their cyber defenses through strategic initiatives, including:??

• Implementing robust encryption protocols to safeguard sensitive data.?
• Heightening employee cybersecurity awareness through comprehensive training programs.?
• Deploying AI-driven security solutions to preemptively detect and mitigate potential threats.?

Exploring Comprehensive Cybersecurity Solutions?

For organizations seeking to fortify their cybersecurity posture, expert guidance and innovative solutions prove invaluable. The Cylera team stands at the forefront, offering cutting-edge healthcare cybersecurity processes and solutions tailored to address the evolving threat landscape. To learn more about enhancing cybersecurity measures and to explore the Cylera platform, connect with the Cylera team at Contact Cylera or visit https://cylera.com/platform/how-cylera-works/

As the cyber arms race continues to intensify, the imperative for robust cybersecurity measures becomes more pronounced than ever. Healthcare institutions navigating this treacherous terrain must remain vigilant, adaptive, and proactive in fortifying their defenses against the relentless onslaught of cyber threats in 2023 and beyond.