Ransomware accounts for 54% of cyber threats in the health sector

The European Union Agency for Cybersecurity (ENISA) releases its first cyber threat landscape report for the health sector.

The European Union Agency for Cybersecurity (ENISA) releases today its first cyber threat landscape report for the health sector. The report identifies prime threats, threat actors, and trends and covers a period of over 2 years. The document also analyzes the impact of the cyber attacks on the sector and provides details about the most targeted entities and affected assets.

The study is based on a total of 215 publicly reported incidents in the EU and neighboring countries.

The first data that emerged from the report is that ransomware accounts for 54% of cybersecurity threats in the health sector. Most of the surveyed organisations (73%) in the health sector haven’t a program to mitigate ransomware attacks.

According to the report, organizations in the European health sector experienced a significant number of incidents, with healthcare providers accounting for 53% of the total incidents. 42% of incidents reported targeted hospitals, while health authorities, bodies and agencies accounted for 14%, and the pharmaceutical industry for 9%.

Most of the attacks are financially motivated, the threat actors attempted to extort both health organisations and patients. Most targeted assets (30%) are patient data, including electronic health records. The experts pointed out that nearly half of all incidents (46%) aimed to steal or leak health organisations’ data.

Clearly, the current geopolitical scenario led to a surge in Distributed Denial of Service (DDoS) attacks carried out by pro-Russian hacktivist groups like Killnet.

The overlap of the reporting period with a significant portion of the COVID-19 pandemic era is another cause for the surge of attacks against organizations in the healthcare sector.

“Financially motivated threat actors, driven by the value of patient data, were responsible for the majority of attacks (53%). The pandemic saw multiple instances of data leakage from COVID-19-related systems and testing laboratories in various EU countries.” reads the report. “Insiders and poor security practices, including misconfigurations, were identified as primary causes of these leaks. The incidents serve as a stark reminder of the importance of robust cybersecurity practices, particularly in times of urgent operational needs.”

The report also states that the attacks on healthcare supply chains and service providers resulted in disruptions or losses to health organisations (7%).

The report analyzed various incidents that had a significant impact on health organizations. These incidents primarily involved the compromise or theft of data, accounting for 43% of the cases. Healthcare services experienced disruptions in 22% of the attacks, while non-healthcare services suffered disruptions in 26% of the cases. The report further emphasizes the financial implications, revealing that the median cost of a significant security incident in the health sector is estimated at €300,000, as indicated by the ENISA NIS Investment 2022 study.

“A high common level of cybersecurity for the healthcare sector in the EU is essential to ensure health organisations can operate in the safest way. The rise of the covid-19 pandemic showed us how we critically depend on health systems. What I consider as a wake-up call confirmed we need to get a clear view of the risks, the attack surface and the vulnerabilities specific to the sector.” Executive Director of the European Union Agency for Cybersecurity (ENISA), Juhan Lepassaar “Access to incident reporting data must therefore be facilitated to better visualise and comprehend our cyber threat environment and identify the appropriate mitigation measures we need to implement.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, health sector)