Home Podcasts Episode #17: Combating Attacks in the Health Care Sector

Episode #17: Combating Attacks in the Health Care Sector

Cyberattacks on health care institutions were once infrequent. But ever since the world was impacted by the pandemic, attacks on this sector have increased. We asked Jeremy Kennelly, Senior Manager, Mandiant Intelligence, which groups are responsible for these attacks.

Attacks in the Health Care Sector

Last year around December, there were many ransomware attacks on U.S. health care institutions. And in May this year, the Conti ransomware gang targeted the Irish health care system. With the holiday season round the corner, we anticipate more cyberattacks on the health care sector.

With multiple data breaches and ransomware attacks, the health care providers continued to be the primary target for cybercriminals. According to the “U.S. Health Care Data Breach Statistics” survey, around 70% of the U.S. population is affected by health care data breaches, with over 230,954,151 health records lost, stolen, or exposed in various security incidents. 2018 and 2019 witnessed a sharp increase in the number of individuals affected by health care data breaches, with a six-fold increase between 2017 and 2019.

Nearly two-thirds of global health care organizations suffered a cyberattack in their lifetime, while 53% were attacked within the last 12 months. The most commonly reported cyberattacks in the health care sector are phishing (68%), malware (41%), and web-based attacks (40%).

In this episode, Jeremy Kennelly, Senior Manager, Mandiant Intelligence gives us an overview of some of the new threat actors seen this year, especially those targeting the health care sector. In this episode he tells us about the typical TTPs and attack patterns, alluding to threat actor groups like FIN12.

Jeremy is a senior manager and principal analyst on the Mandiant Intelligence team focused on the analysis of financially-motivated cyber threat activity. Prior to his time at Mandiant, Jeremy worked as a security architect, incident responder, and in a number of other operational security roles at multiple major multinational corporations.