As we usher in 2024, it’s important to also reflect on a few incidents that shook up the threat landscape in 2023. Beyond just chronicling cyber threats, this recap spotlights some of the vulnerabilities and emerging threat actors that posed significant risks to healthcare organizations last year. By understanding these challenges, we can better prepare and fortify our defenses for the evolving cyber threats of the future.
Five healthcare cyber threats that impacted healthcare in 2023
1. Okta’s security breach
Okta, a leading identity management platform, is widely used across various industries, including healthcare. In November, Okta issued a Root Cause Analysis (RCA) report that provided an update on its October security breach. In it, they stated that a threat actor had accessed and downloaded a report containing the names and email addresses of all Okta customer support system users. All customers of Okta’s Workforce Identity Cloud (WIC) and Customer Identity Solution (CIS) were impacted (those using specific secure environments were excluded from this breach).
Many healthcare organizations, business associates, and third-party are affected by the breach. There’s also an increased chance of threat actors using the stolen data for social engineering attacks (targeted phishing, etc.) against healthcare employees.
The recommendations: Enable multi-factor authentication (MFA), reset admin credentials, verify Identity Provider configurations, and implement strict access controls.
2. Progess Software’s MOVEit zero-day
Progress Software had a rough 2023. In late May, the company identified multiple structured query language (SQL) injection vulnerabilities in their MOVEit Transfer software. Although they issued a patch, it also had vulnerabilities that allowed access to systems, so they developed and released another patch. This ultimately led to the discovery that all versions of MOVEit Transfer were affected, including MOVEit Cloud. Progress Software then issued an updated patch and guidance on how users should proceed to close vulnerability gaps.
Many healthcare organizations rely on MOVEit to transfer large files. Unfortunately, threat actors took advantage of these vulnerabilities, resulting in multiple data breaches within healthcare organizations and their third-party vendors.
The recommendations: Apply patches or mitigations to MOVEit environments, turn off all HTTP/HTTPS traffic to the MOVEit Transfer environment, and delete any unauthorized files and accounts. Additional recommendations and an updated MOVEit security bulletin were issued in July 2023.
3. Progress Software’s WS_FTP’s vulnerability
Another critical vulnerability was found in Progress Software’s WS_FTP Server software. The common vulnerability scoring system (CVSS) rating of this exposure was 10, the highest severity rating possible. This high rating can be largely attributed to the fact that this vulnerability enabled threat actors to access extensive amounts of Protected Health Information (PHI) data.
The recommendations: Apply WS_FTP mitigation recommendations and patch. Expand the search for the use of WS_FTP software within departments responsible for large file transfers (e.g., images), and investigate older versions of file transfer software in equipment not generally on your radar, such as critical devices.
4. 3AM ransomware
3AM emerged as a new ransomware strain in 2023. It’s capable of not only stealing and encrypting data, but also disabling security and backup services before launching its attack. Once activated, 3AM leaves a ransom note threatening to sell the stolen information unless a payment is made. In severe cases, it can encrypt multiple systems or even entire networks.
The concern around 3AM is heightened due to its connection with LockBit, a known threat actor in the cyber world. This affiliation, coupled with LockBit’s history of targeting healthcare organizations, suggests that 3AM could lead to more extensive and damaging attacks, marking it as a particularly noteworthy threat in the constantly evolving cybersecurity landscape.
The recommendations: Employ endpoint detection and response technologies to quickly identify, prevent, and respond to signs of infection; back up critical systems (servers, domain controllers, workstations, etc.); establish relationships with experts before an incident occurs, including MSSPs experienced in healthcare Incident Response, cyber insurance, and legal teams.
5. Ending of support for older Google Chrome
In 2023, Google announced that it would end support for Chrome on older Windows operating systems (OS). This decision affects Windows 7, Windows 8/8.1, as well as Windows Server 2012 and Windows 2012 R2.
As of October 2023, only those OS running Windows 10 or newer will receive Chrome updates. This shift also impacts users of Chromium-based Edge, with version 109 being the final version supported on these older operating systems. These versions will continue to receive security updates until a specified date.
This change poses a particular concern for healthcare organizations that are still using older systems. Without ongoing updates, these systems become more vulnerable to cyber threats.
The recommendation: Review the various applications used in your healthcare organization, upgrade affected operating systems, and reevaluate the need for browsers and general internet access on machines with end-of-life (EoL) OSs. Note that these changes may affect the functionality of those applications.
Staying ahead of cyber threats in 2024
2023 demonstrated that threats are not static; they evolve, as do the technologies and strategies to combat them. The importance of proactive measures, such as multi-factor authentication, timely patching, and robust backup systems, cannot be overstated. Equally crucial is the need for awareness and education at all levels within healthcare organizations to recognize and mitigate these threats.
For helpful insights on how to fortify your defenses, check out our on-demand webinar series about cultivating a strong healthcare cybersecurity culture within your organization.
