A new report from FireEye provides insights into the motivations behind cyberattacks on U.S. healthcare organizations. The report shows patient information is not the only type of sensitive data being sought. There has been a marked increase in cyberattacks on cancer research institutes and medical institutions for the research data they hold.
The attacks are being conducted by Advanced Persistent Threat (APT) groups affiliated with China and other nation states. The hackers are targeting cancer research institutes to obtain cancer research data to help accelerate drug development in China.
Globally, WHO figures show that one in six deaths is cancer-related, and in China, deaths from cancer are increasing at an incredible rate. China is participating in legitimate research, but it would appear the country is also prepared to use nefarious methods to advance its cancer research programs.
China already has one of the fastest-growing pharmaceutical markets. If Chinese pharmaceutical firms were able to gain access to information on drugs under development, they could bring drugs to market faster than competitors in the West, without having to cover the colossal costs of research.
Hacking groups with strong links to Russia and Vietnam are also involved in espionage attacks against healthcare providers. These threat actors also seek large quantities of healthcare data and they are targeting specific healthcare providers to steal data in bulk. FireEye’s study shows there is moderately frequent espionage activity in the healthcare sector.
Most financially motivated attacks involving data theft target protected health information (PHI). This personally identifiable information includes the data elements required for identity theft, medical identity theft, and tax fraud. PHI can also be used to construct highly convincing phishing emails. PHI carries a high value on the darknet because of the versatility of the data.
In addition to gaining access to healthcare networks to steal data, some threat actors are selling access to healthcare networks on darknet marketplaces. One hacker was selling access to a U.S.-based medical institution with 3,000 hosts at a darknet marketplace auction for between $9,000 and $20,000.
Hacktivism is rare in the healthcare sector, but there is considerable activity related to other disruptive and destructive threats. Ransomware attacks on healthcare providers have increased considerably in 2019. These attacks are being conducted by organized cybercriminal groups, individuals using ransomware-as-a-service, and nation-state-backed hacking groups.
Securing an increasing number of biomedical devices presents many security challenges for healthcare providers. The study showed many healthcare providers are struggling to retain visibility into all devices that connect to their networks.
It is essential to have total visibility into all devices that connect to the network and to ensure that those devices are appropriately secured. Many attacks on healthcare organizations are opportunistic. Healthcare providers are attacked because it is so easy. They run outdated operating systems and unsupported software, and they are slow to apply patches.