We looked at the top five cyberattacks impacting healthcare organizations and hospitals in 2023, a year of havoc on the industry that left patients vulnerable and unprotected.
In the first three months of 2023, the healthcare industry saw 145 data breaches.
Healthcare security has been threatened by ransomware attacks, phishing scams, and medical device hacking. The results are costly and, more importantly, prey on sensitive patient information.
It's no surprise that healthcare is such a hot target, either. Patient information has everything a cybercriminal would salivate over. Addresses, names, birth dates, payment information, and Social Security numbers are available and easily accessed once in the system. This is why 95% of all identity theft can be traced back to healthcare breaches.
Moreover, healthcare organizations pay up when a ransom is demanded.
Because they urgently need their business to return to normal, paying a ransom is an easy way to prevent any leaks or delays. This gives hackers even more of a reason to breach their data and may be the reason for the uptick in data breaches within the healthcare industry.
On average, cyberattacks cost the healthcare industry upwards of $10.1 million. And that amount is growing annually.
To ensure safety, healthcare organizations must implement proper cybersecurity training and invest in technology that can protect them for the future. As cybercriminals become smarter, so must the organizations at risk.
According to Cybernews, the United States remains the top country for cyberattacks — in general — with Russia and France following closely behind.
As we reflect on the last year, we organized a list of the top five cyberattacks on healthcare.
1. Managed Care of North America Inc.
In March, Managed Care of North America (MCNA) discovered that a third party could access systems within their IT network from February 26 to March 7. They took immediate action, and a cybersecurity firm began their investigation.
MCNA, a dental insurer, reported the breach to the Maine Attorney General, who noted that 8,923,662 people were impacted, making it the largest healthcare data breach by a single entity in 2023.
In research published by FreeAgent, 70% of healthcare organizations said ransomware attacks were responsible for slowing down payment processing, medical record examination, and patient recovery time, leading to a longer length of stay for patients.
Names, addresses, phone numbers, email addresses, birth dates, Social Security numbers, driver's license numbers, ID numbers, health insurance information, Medicaid/Medicare information, and dental information were all obtained by the cybercriminals.
Ultimately, the LockBit ransomware group would claim responsibility, and they would go on to leak some of their stolen data on the dark web. They demanded a $10 million ransom to prevent leaking all of the data.
When LockBit was not paid, they published all of the stolen files on April 7, 2023.
2. Ardent Health Services
A ransomware attack on November 23 forced Ardent Health Services to divert patients and ambulances from 30 hospitals in six states to other hospitals nearby. While the majority of the emergency rooms reopened soon after closing and began accepting new patients again, the ambulance diversion to other hospitals caused disruption. It also painted a picture of what could happen when systems go down.
The Nashville-based company immediately began working on a solution once they were aware of the attack. Ardent published in a statement that they took their network offline and suspended all user access and clinical programs.
This type of cyberattack exemplifies the very real concern of patient health and the impact on safety and care in times of crisis.
Azi Cohen, the CEO of CyberMDX, a company that protects healthcare organizations from cyberattacks, told Cybernews that healthcare attacks are different from those in other industries. He said, "...in healthcare, human lives are at risk."
As of now, the extent of patient health or financial data that was compromised is unknown.
3. PharMerica Data Breach
In the same month as MCNA, PharMerica, one of the country's largest providers of pharmacy services, received a notification from the ransomware group, Money Message, that they had breached their system along with BrightSpring Health Services, PharMerica's parent company. The breach took place between March 12 and March 13.
Money Message claimed they had access to 4.7 terabytes of data — which included data records of 2 million people. However, that number was much larger, and PharMerica and BrightSpring reported that 5,815,591 individuals were impacted by the breach.
PharMerica would go on to publish a statement that said, "We have no reason to believe anyone's information had been misused for the purpose of committing fraud or identity theft."
However, when Money Message didn't receive a ransom payment by April 9, they published all of the stolen records on a hacking site.
Since the attack, PharMerica has implemented additional cybersecurity systems to ensure safety for the future.
4. Cerebral
The California-based telehealth startup, Cerebral, played a part in its own data breach that occurred in early 2023.
By installing tracking pixels from Google, Meta, and TikTok, Cerebral inadvertently published information on mental health treatment and other sensitive information like contact information, intake responses, and treatment details, which is a major HIPAA violation.
The telehealth company contacted patients, letting them know that it had not known the third parties had access to the data.
It's still unclear if this will cost Cerebral an immense amount of money, but their reputation is surely damaged.
According to a 2023 Sophos report, healthcare organizations take longer to recover from cyberattacks, with only 47% recovering within a week and 28% taking more than a month. The longer they take to recover, the higher the financial costs.
5. 14 U.S. Hospitals
Killnet, a pro-Russian hacktivist group, targeted at least 14 U.S. hospitals with a distributed denial-of-service (DDoS) attack in January of this year.
DDoS, a low-cost, anonymous method, disrupts websites and online services, causing them to slow down or go offline. The U.S. Cybersecurity and Infrastructure Security Agency published an advisory for organizations to warn them of the attacks. They wrote that Russia's invasion of Ukraine may be behind their cyber attacks due to economic costs.
Websites of the organizations targeted in the attack included Stanford Healthcare in California; Duke University Hospital in Durham, North Carolina; Cedars-Sinai Hospital in Los Angeles, California; University of Pittsburgh Medical Center in Pennsylvania; Jefferson Health in Philadelphia, Pennsylvania; Abrazo Health in Phoenix, Arizona; and Atlanticare in Atlantic County, New Jersey.
Killnet posted on Telegram why they attacked hospitals and medical centers: "It's very simple. We are tearing down the medical facilities in these countries to support the Nazis in Ukraine."
In late November, the leader of KillNet was identified as 30-year-old Nikolai Serafimov, also known as Killmilk.