Cyberattacks on the healthcare sector are a growing threat in Latin America, and the large amount of confidential data these organizations handle makes these attacks a top concern.

Healthcare data, such as the personal, medical and financial information of patients and healthcare companies, is valuable on the illegal market, which makes it an appealing target for threat actors. This can have serious consequences for the privacy and information security of these organizations. Cyberattacks could lead to reputational risks, interruption of operations, data theft and disclosure, and even the loss of human lives when medical goods and services are unavailable.

So what do healthcare organizations and patients need to know about cyberattacks on the healthcare sector in Latin America?

According to the IBM Security X-Force Threat Intelligence Index 2023 report, the proportion of incidents to which X-Force Incident Response has responded in the healthcare sector has remained at approximately 5% to 6% of total incidents over the past three years. Ransomware outpaced other attacks in Latin America, accounting for 32% of the cases to which X-Force responded.

Additionally, the main access vectors for healthcare companies in Latin America are the exploitation of public-facing applications (T1190), the abuse of valid accounts (T1078) and the exploitation of external remote services (T1133).

3 critical risk factors

Exploitation of Public-Facing Applications

IBM X-Force Incident Response observed that attackers mainly exploit weaknesses and vulnerabilities in internet-facing services and programs, especially websites. In other cases, they exploit vulnerabilities in web servers (for example, Apache Tomcat, outdated versions of Apache and servers with outdated security patches).

Abuse of Valid Accounts

Attackers exploit remote system accounts and externally available services, such as virtual private networks (VPNs), network devices and remote desktops. In other cases, they compromise inactive accounts, or accounts whose passwords never expire and have been exfiltrated on the Deep Web, with dictionary-based or credential-stuffing attacks.

Exploitation of External Remote Services

Exploiting remote access services such as Citrix desktops, access gateways and VPNs allows attackers to connect to internal healthcare enterprise resources from external locations.

IBM X-Force incident response recommendation

These are some examples of the main intrusion vectors that IBM X-Force Incident Response has identified in healthcare companies in the Latin American region. All healthcare organizations in the region must prepare to face these threats and have adequate security measures to protect the privacy and security of patient information.

The following are the IBM X-Force Incident Response team’s recommendations:

  • Develop incident response plans tailored to your environment. These plans should be updated regularly to maintain or improve response and recovery times.
  • Perform regular backups focused on critical medical services. Keep copies in secure, segmented and physically separated locations.
  • Allow only authorized applications. Configure third-party operating systems and medical services to run only approved applications.
  • Monitor your medical IT infrastructure, medical devices and domain controller at the system and application registry level.
  • Ensure a technology governance and cybersecurity team is created to support medical services operations.
  • Have the support and coverage of a specialized incident response and computer forensics team that can act promptly in future events and contribute to the containment, remediation and recovery of business operations.
  • Implement security operations centers to detect and manage security breaches through early alerts, provide real-time infrastructure security monitoring, implement preventive measures and improve responsiveness to future attacks.
  • Include additional endpoint protection layers on the technological infrastructure of healthcare companies.

Reduce vendor risk

To mitigate the main access vectors, keep in mind the following:

  • Segregate external servers and services from the rest of the network with a DMZ or separate hosting infrastructure.
  • Manage privileged accounts by implementing minimum privileges for service accounts.
  • Maintain all computers, servers and medical devices with patching and vulnerability management processes.
  • Scan external systems for vulnerabilities regularly.
  • Audit user accounts for unusual activity and disable or delete those that are no longer needed.
  • Ensure that applications do not store sensitive data or credentials insecurely (clear text).
  • Improve password policies and administration for all technologies used by the healthcare company to secure system access. Passwords should be longer than 12 characters and include special symbols and numbers; also verify the relevance of multifactor authentication for critical services.
  • Disable or block remotely available services that may be unnecessary.
  • Conduct research on the Deep Web to identify possible information leaks, including credentials.
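
As an added illustration of the account audit recommended above (not code from IBM X-Force), the following Python sketch flags the account conditions this article associates with valid-account abuse: inactive accounts, passwords that never expire and remote access without multifactor authentication. The CSV column names, the sample accounts and the 90-day inactivity threshold are assumptions made for the example.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export; the column names are assumptions for this
# example, not the schema of any real directory or IAM product.
SAMPLE_EXPORT = """username,enabled,last_logon,password_never_expires,remote_access,mfa_enrolled
dr.alvarez,true,2023-09-28,false,vpn,true
svc_pacs,true,2023-09-30,true,,false
j.mendes,true,2023-02-11,false,vpn,false
lab_temp01,true,,false,rdp,false
old_admin,false,2021-06-01,true,,false
"""

INACTIVE_AFTER = timedelta(days=90)  # assumed threshold; set per local policy


def audit_accounts(export_text, today):
    """Return {username: [findings]} for enabled accounts that need review."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["enabled"].strip().lower() != "true":
            continue  # already disabled; out of scope for this check
        issues = []
        last = row["last_logon"].strip()
        if not last:
            issues.append("never logged on")
        elif today - datetime.strptime(last, "%Y-%m-%d") > INACTIVE_AFTER:
            issues.append("inactive")
        if row["password_never_expires"].strip().lower() == "true":
            issues.append("password never expires")
        remote = row["remote_access"].strip()
        if remote and row["mfa_enrolled"].strip().lower() != "true":
            issues.append(f"{remote} access without MFA")
        if issues:
            findings[row["username"]] = issues
    return findings


if __name__ == "__main__":
    # Fixed audit date so the constructed sample gives the same result every run.
    report = audit_accounts(SAMPLE_EXPORT, datetime(2023, 10, 1))
    for user, issues in sorted(report.items()):
        print(f"{user}: {', '.join(issues)}")
```

Accounts that are both inactive and reachable through a remote service without MFA are the ones to disable or remediate first, since they combine two of the access vectors described earlier.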

Rising to meet the threat

Protecting medical data and ensuring the availability of healthcare services should be one of the main objectives of companies associated with the medical sector. That is why IBM X-Force Incident Response is always available to help you create and manage an integrated security program to protect your company from global threats, reduce the impact of attacks and prevent or respond quickly to future attacks through X-Force Incident Response retainer services.
