Ransomware Continues to Plague European Healthcare SectorHacktivist-Led DDoS Attacks Also on the Rise, ENISA Says
Ransomware continues to be the biggest threat to the European healthcare sector, but the region also is experiencing an uptick in distributed denial-of-service attacks tied to hacktivist groups, the European Union Agency for Cybersecurity warned.
ENISA, which analyzed cybersecurity incidents that occurred between 2021 and 2023, said that of the 215 publicly reported cases, ransomware remained the top threat, accounting for 53% of all incidents against healthcare organizations.
The majority of these attacks originated from LockBit 3.0, Vice Society and BlackCat, and France, Germany and Spain reported the most cases, ENISA said. They included the January attack against Elsan Clinic in France by LockBit 3.0 and the Clínic de Barcelona attack in March 2023 by RansomHouse, which resulted in the attacker publishing 4.5 terabytes of stolen data.
The agency said hackers are increasingly targeting healthcare for financial gain because hospitals and clinics hold a wealth of sensitive data such as patient records, making it easy for attackers to demand hefty ransoms.
ENISA said that recent attacks do not appear to be more severe than those in the past. "Such an increase can occur as a sector matures in terms of incident detection and reporting, which may be due to the effect of the legal obligation to report incidents under European or national law," the agency said.
European healthcare entities have experienced a spike in DDoS attacks tied to the Russian hacktivist groups KillNet and Anonymous Sudan.
These activities increased after Russia's invasion of Ukraine and mainly sought to disrupt the functioning of the organizations as a political retaliation against European governments' criticism of Russia. In Europe, hacktivist DDoS attacks mainly targeted healthcare organizations in Denmark, the Netherlands, Spain and Sweden, the report says.
"We expect this trend to continue, however, the actual impact of these attacks remains relatively low," ENISA said.
Weak patch management has made the healthcare sector more attractive to hackers, who often target vulnerabilities in supply chain and important software applications - which makes victimization of healthcare organization much easier. According to ENISA, nine hacks, nearly 4% of all large-scale data thefts between 2021 and 2022, were caused by unpatched vulnerabilities.
As attackers continually probe ways to break into organizations, ENISA expects them to further exploit zero-day flaws. Some of critical zero-days that could be weaponized by hackers include the April 2022 zero-days found in Aethon TUG smart autonomous mobile robots that enabled remote access control for thousands of medical devices and the July 2022 SQL injection flaw found in Sante PACS Server used to store and manage medical data that could be exploited without authentication.
ENISA urged organizations to strictly follow good cyber hygiene practices to prevent hacks. This includes encrypting critical data and storing it offline, following vulnerability patch management guidelines and maintaining strong authentication mechanisms.