Even as healthcare facilities continue to digitize their operations and patient care, cyber threats are becoming more sophisticated and dangerous. Just two months into the year, cybercriminals have been exploiting both technological advancements and vulnerabilities unique to the healthcare sector. From attacks on supply chains to direct patient extortion schemes and the misuse of AI tools, the threats are evolving.
1: Supply chain attacks
“When it comes to the supply chains, one of the concerning trends seen in the past year is that key supply chain points in healthcare were suddenly being targeted,” says Errol Weiss, chief security officer at Health-ISAC.
Three supply chain disruptions that were caused by cyber incidents in 2024 include:
- The Octapharma cyberattack that occurred in April 2024, which impacted blood and plasma supplies in the U.S. at hundreds of hospitals.
- The Synnovis ransomware attack in June 2024, which impacted healthcare and lab reports around the Greater London area.
- The OneBlood ransomware attack in July 2024, which impacted blood supply in the state of Florida.
“It was a wake-up call to look across these three incidents where cybercriminals targeted key aspects of the healthcare supply chain and caused major regional impacts,” says Weiss. “It was a broad campaign where the cybercriminals targeted these sensitive key spots that allowed them to cause major disruptions with potentially poorly protected environments.”
2: Patient extortion
The last year also saw an increase in attempts at patient extortion, as criminal groups go after individual patients rather than the whole entity. Cybercriminals first steal sensitive information from the hospitals they break into. Once they have this information, they review it, contact those patients directly one by one and threaten to release the information if the patient doesn’t pay up.
“We’ve seen them [cybercriminals] have everything from sensitive psychotherapy records to even before and after pictures from reconstructive surgery,” says Weiss. “Again, it just demonstrates the lengths that these criminal gangs will go to try to extort the individual.”
In 2023, Integris Health was hacked by Hunters International. The group breached the organization’s network and exfiltrated patient data, according to The HIPAA Journal. Once Integris Health refused to pay to have the stolen data wiped, Hunters International began contacting patients directly to demand payment or risk having the data sold. It’s unknown if any patients paid out to the hackers. Integris Health said they enhanced their existing policies and procedures to reduce the potential of a similar incident in the future.
3: Use of artificial intelligence
Even with the promise of artificial intelligence (AI), there also comes the peril of it falling into the wrong hands, says Weiss. Cybercriminals have already demonstrated the use of AI to improve their own capabilities, from better scams and phishing campaigns to the discovery of new zero-day vulnerabilities, which are hardware or software flaws that are unknown to their creators.
“The scary thing with improved phishing campaigns is that they can leverage these free tools and create very targeted emails in any language or discipline they want,” says Weiss.
Phishing emails can be tailor-made for a specific individual, to the point that the message caters to them and reads as believable. This can also be seen with the rise of “deep fake” attacks.
Weiss adds that these AI tools are free to use in many cases, so it requires little investment on the cybercriminal’s end, meaning these tools are easily and readily accessible to wrongdoers.
However, even in the face of these threats, there is a solution: strengthening resiliency.
“We've long been talking about the need to improve security in the healthcare sector where historically there's been a large focus on compliance,” says Weiss. “It's not enough to be focused on compliance to protect these sensitive patient information records and protect hospitals and other healthcare organizations from ransomware. We also need to make sure you've got the right security controls implemented as well.”
Weiss adds that security is not limited to making sure an organization can withstand a cyberattack; the organization must also keep functioning and providing its services to patients despite the attack.
“Resiliency has become the mantra across many organizations, realizing that they need to be secure and resilient at the same time,” says Weiss. “That means looking at everything from live backup systems to keep things running to having manual procedures such as paper-based backups when systems are completely down.”
Jeff Wardon, Jr., is the assistant editor of the facilities market.