A study done in 2014 showed that 94% of health care institutions have been victims of cyber-attacks.
Based on Medical IT Advisors Threat Information Platform analysis of incidents related to Asia-Pacific, the United States, and the European Union, as well as various other threat intelligence agencies reports, business email compromise (BEC) and ransomware from phishing or dark web compromised credentials is growing and is quickly becoming the number one risk for healthcare organizations.
Recent years have seen an increase in phishing occurrences coming from “trusted” organizations or services that are being abused. Phishing emails will often dangle a financial reward, or something “too good to be true” with urgency or a strict deadline for performing an action. Other attempts could be a promise to show something exciting or forbidden or threating with negative consequences or punishment.
The phishing email will often have an unexpected attachment, spoofed website, or link to update your password. It is often best to call the sender to verify if the email is legitimate before taking any action.
The United States has seen an increase in Ransomware, especially from Ransomware as a Service (RaaS) groups using double and even triple extortion tactics. Data is encrypted, exfiltrated from the attacked healthcare organization and then the groups threaten to publish data, sometimes directly the extorting patients, and finally threaten a Distributed Denial of Service (DDoS) attack. In fact, the HHS Health Sector Cybersecurity Coordination Center (HC3) has found that 60% of global cyber incidents in the first half of 2021 targeting healthcare providers impacted the United States health sector. Ransomware incidents are becoming linked to data breaches since in at least 72% of the ransomware incidents, victim data was leaked.
Read the article on Advancesradonc.org: https://www.advancesradonc.org/article/S2452-1094(21)00154-8/fulltext#%20