Major Cybersecurity Threats in the Healthcare Environment
With every new technological breakthrough, cybercriminals are quick to exploit any vulnerabilities, making it harder for businesses, governments, and individuals to stay ahead of evolving cybersecurity threats. Over the past year, we’ve witnessed some of the most severe cyber incidents to date, with ramifications that go beyond financial loss, affecting everything from personal data to national security.
The last 12 months have been a rollercoaster when it comes to cyber events worldwide. If we covered all of the (big) ones this report would be twice as long, so we’ll focus on the most important ones, either based on their impact on society, or where they give us a good insight that we can all use to improve the cybersecurity posture of our organizations.
The CrowdStrike Incident
On 19 July 2024, arguably the largest IT outage ever occurred. Within a few minutes, approximately 8.5 million Windows systems worldwide running the CrowdStrike Falcon agent crashed (bluescreened) and then looped through restart and crash until they were manually repaired. Like every Endpoint Detection and Response (EDR) tool on Windows, Falcon relies on a kernel driver, and a particular signature update contained a logical flaw that caused the driver to write data to a portion of memory it wasn’t supposed to, crashing the system. The estimated cost to the affected Fortune 500 companies is over 5.4 billion USD.
In September, Microsoft held a summit for all the cybersecurity vendors that produce agents for Windows to discuss the way forward and ensure that an outage like this never happens again. Many have suggested that Microsoft should adopt the macOS approach: deny EDR agents kernel access altogether and provide only API access. Many experts, including us here at Hornetsecurity, think this is too drastic and that it would also stifle innovation, and Microsoft seems to agree. It looks like future versions of Windows will have more guardrails in place against these types of risks, while not blocking kernel access altogether.
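The lesson a practitioner takes from the outage is that content pushed to a kernel component must be validated against what the component expects before anything acts on it, so that a malformed update is rejected rather than dereferenced. The following is an added example illustrating that check; it is a constructed, simplified model and not CrowdStrike's file format, code or root cause. The `rule_id|field|field|...` line format, the `TEMPLATE_FIELD_COUNT` constant and the sample updates are all assumptions made for the illustration.

```python
"""Added example: validate a content update against its template before use.

Constructed, simplified illustration (not CrowdStrike's format or code).
The detection logic (the "template") expects every rule in an update to
carry a fixed number of fields. An update whose rules do not match that
shape is rejected up front and the previous rule set stays active.
"""
from dataclasses import dataclass

# Number of fields every rule in this hypothetical template version must carry.
TEMPLATE_FIELD_COUNT = 12


@dataclass(frozen=True)
class Rule:
    rule_id: str
    fields: tuple


class UpdateRejected(ValueError):
    """Raised when an update fails validation; the caller keeps the old rule set."""


def parse_update(text: str, expected_fields: int = TEMPLATE_FIELD_COUNT) -> list[Rule]:
    """Parse 'rule_id|field|field|...' lines, checking shape before anything consumes them."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split("|")
        rule_id, fields = parts[0], parts[1:]
        if len(fields) != expected_fields:
            # Fail closed: a single malformed rule invalidates the whole update.
            raise UpdateRejected(
                f"line {lineno}: rule {rule_id!r} has {len(fields)} fields, "
                f"template expects {expected_fields}"
            )
        rules.append(Rule(rule_id, tuple(fields)))
    return rules


def apply_update(current: list[Rule], text: str) -> tuple[list[Rule], str]:
    """Return (active rule set, status). On rejection the previous rule set remains active."""
    try:
        new_rules = parse_update(text)
    except UpdateRejected as exc:
        return current, f"rejected: {exc}"
    return new_rules, f"applied {len(new_rules)} rules"


# Constructed sample updates: a well-formed one and a copy with one rule missing a field.
GOOD_UPDATE = "\n".join(
    f"rule-{i}|" + "|".join(f"f{j}" for j in range(TEMPLATE_FIELD_COUNT))
    for i in range(3)
)
BAD_UPDATE = GOOD_UPDATE.replace("rule-1|f0|", "rule-1|", 1)

if __name__ == "__main__":
    active, status = apply_update([], GOOD_UPDATE)
    print(status)
    active, status = apply_update(active, BAD_UPDATE)
    print(status, "-", len(active), "rules still active")
```

The important design choice is in `apply_update`: validation happens in full before the new rule set replaces the old one, so a bad update degrades to "no change" instead of taking the component down.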
Change Healthcare
In February 2024, Change Healthcare, a subsidiary of UnitedHealth, experienced a massive ransomware attack that compromised the personal, financial, and healthcare records of ~100 million Americans. This breach has been attributed to the Russia-based BlackCat ransomware gang and is considered the largest known data breach of protected health information in the U.S. to date. The attackers exploited vulnerabilities in the company’s network, gaining access to sensitive data, including patient medical histories, insurance details, and payment information. The breach not only exposed the inadequacies in Change Healthcare’s cybersecurity defenses but also underscored the broader vulnerabilities within the US healthcare sector.
The aftermath of the breach saw Change Healthcare scrambling to mitigate the damage and working closely with federal authorities to investigate the incident. The company faced significant backlash from both the public and regulatory bodies, leading to calls for stricter data protection regulations in the healthcare industry.
The other notable fact about this attack is that it’s one of a growing number of cases where there is a very REAL human toll as a result of a cyber-attack. In this case there were patients in the US who were unable to get critical medications in a timely manner. Another example of an attack with a very real human cost is a similar breach of the UK’s NHS (National Health Service). These attacks show that attackers are increasingly callous in who they target and, as a matter of fact, may even pick healthcare targets to increase the likelihood of a big payout.
National Public Data
The National Public Data (NPD) breach, which occurred in early 2024, is one of the largest data breaches in history, exposing up to 2.9 billion records. This breach affected approximately 170 million people across the US, UK, and Canada. The compromised data included highly sensitive personal information such as full names, Social Security numbers, mailing addresses, email addresses, and phone numbers. The breach came to light after a malicious actor, who had gained access to the company’s systems in December 2023, leaked the data onto the dark web from April through the summer of 2024.
The risks associated with this breach are significant, as the exposed data can be exploited for various cybercrimes and fraudulent activities. Individuals affected by the breach face the usual increased risks of identity theft, unauthorized financial activities, and targeted phishing attacks. What is so notable about this trove of data is that threat actors are able to use it for cross-linking of individuals. This allows them to craft increasingly convincing social engineering attacks targeting future victims.
23andMe DNA Testing Service Breach
The large breach at the 23andMe DNA testing service was downplayed by the company for several months until, in December 2023, it became clear that 6.9 million customers had their data stolen (but not leaked publicly), while 1 million customers with Jewish heritage had their data leaked on BreachForums, a now defunct popular hacking forum. MFA wasn’t enforced at the time but is now mandatory for all users, and 23andMe is currently facing serious financial issues, partly due to the breach.
A Year of Microsoft Security Drama
Microsoft hasn’t had a good last few years when it comes to security. Back in June 2023, the Chinese group Storm-0558 compromised email inboxes in 22 organizations worldwide, including the US State Department (60,000 emails stolen). In January 2024, Midnight Blizzard (Russia) broke into corporate mailboxes at Microsoft itself: password guessing gave them access to a test tenant, which hosted an OAuth application with access to the production environment. This followed the same group’s 2020 attack (SolarWinds) and its July 2021 hack in which information on a limited number of customers was stolen. Then in March 2024 they followed up with another attack, accessing some internal systems and source code repositories using authentication materials stolen in the January attack.
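Password guessing against a tenant that has no lockout-triggering per-account volume is detectable from sign-in logs: one source fails against many distinct accounts in a short window, and any success from that same source is the event to triage first. The following is an added example of that detection run over constructed sample events; it is not Microsoft's code or log schema. The space-separated `timestamp result source_ip account` format, the ten-minute window and the five-account threshold are assumptions chosen for the illustration.

```python
"""Added example: flag a password-spraying pattern in sign-in logs.

Constructed, simplified illustration; the log format and thresholds are
assumptions, not any vendor's schema. Spraying tries a few passwords against
many accounts, so per-account thresholds never fire; the tell is one source
failing against many distinct accounts inside a short window.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: timestamp, result, source IP, account.
SAMPLE_LOG = """\
2024-01-12T02:00:01Z FAIL 203.0.113.7 alice@test.example
2024-01-12T02:00:04Z FAIL 203.0.113.7 bob@test.example
2024-01-12T02:00:09Z FAIL 203.0.113.7 carol@test.example
2024-01-12T02:00:15Z FAIL 203.0.113.7 dave@test.example
2024-01-12T02:00:21Z FAIL 203.0.113.7 erin@test.example
2024-01-12T02:00:30Z SUCCESS 203.0.113.7 frank@test.example
2024-01-12T02:05:00Z FAIL 198.51.100.4 alice@test.example
2024-01-12T02:05:30Z FAIL 198.51.100.4 alice@test.example
2024-01-12T02:06:00Z SUCCESS 198.51.100.4 alice@test.example
"""


def parse_events(text):
    """Parse lines into (timestamp, result, source_ip, account) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, result, src, account = line.split()
        # 'Z' is replaced so the parse also works on Python versions before 3.11.
        events.append((datetime.fromisoformat(ts.replace("Z", "+00:00")), result, src, account))
    return events


def detect_spray(events, window=timedelta(minutes=10), min_accounts=5):
    """Return {source_ip: {"accounts": n, "succeeded": [...]}} for every source
    that fails against at least `min_accounts` distinct accounts within `window`."""
    by_src = defaultdict(list)
    for ts, result, src, account in events:
        by_src[src].append((ts, result, account))

    findings = {}
    for src, evs in by_src.items():
        evs.sort()
        fails = [(ts, acct) for ts, res, acct in evs if res == "FAIL"]
        start = 0
        # Sliding window over this source's failures, ordered by time.
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1
            distinct_in_window = {acct for _, acct in fails[start:end + 1]}
            if len(distinct_in_window) >= min_accounts:
                # A success from a spraying source is the account to investigate first.
                succeeded = sorted({acct for _, res, acct in evs if res == "SUCCESS"})
                findings[src] = {
                    "accounts": len({acct for _, acct in fails}),
                    "succeeded": succeeded,
                }
                break
    return findings


if __name__ == "__main__":
    for src, info in detect_spray(parse_events(SAMPLE_LOG)).items():
        print(f"{src}: failed against {info['accounts']} accounts, "
              f"succeeded on {info['succeeded'] or 'none'}")
```

The second source in the sample (repeated failures on a single account, then a success) is deliberately left unflagged: that is ordinary user behaviour, and a detector that fires on it buries the real signal in noise.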
In April 2024, the Cyber Safety Review Board (CSRB) released its third report, this time focusing on the Chinese hack in 2023 mentioned above. The report was scathing in its assessment of why Microsoft was compromised, outlining a series of failures that led to the breach, and following up with 25 recommendations on improvements.
This report and the attacks have led Microsoft to adopt the Secure Future Initiative (SFI). It originally looked more like a marketing flyer, but now every Microsoft employee will have their security impact measured yearly, and the new mantra from Satya Nadella is “put security first”. We’ll see how this pans out over the next year or two.
Stay One Step Ahead of Cybercriminals with Hornetsecurity’s Security Awareness Service
Cyber threats are constantly evolving, and human error is often the weakest link. Our Security Awareness Service equips your team with the knowledge and skills to recognize and respond to phishing scams, social engineering tactics, and other common cyber threats.
Protect your organization by investing in continuous education and hands-on training, ensuring that your employees stay vigilant against the ever-growing risks.
Request your demo now and start training your team today to build a more secure digital environment for your business!
Conclusion
The events of the past year have highlighted the dynamic and high-stakes nature of cybersecurity. From devastating breaches to unforeseen IT outages, these incidents remind us of the vulnerabilities we all face in an increasingly digital world. As we move forward, it’s crucial that we take these lessons to heart, enhance our defenses, and prepare for the ever-evolving threats ahead. Only by staying vigilant and adaptive can we secure a safer digital future for all.