Impact of 'Weaponization of Data' Attacks on Healthcare
Adam Meyers of CrowdStrike on Evolving Global Healthcare Sector Cyberthreat Trends
The "weaponization of data" in cyberattacks - where cybercriminals not only deploy ransomware but threaten to release stolen data on the internet - has quickly become one of the biggest threats facing many healthcare sector entities, says Adam Meyers, vice president of threat intelligence at CrowdStrike.
CrowdStrike found an 82% increase in ransomware attacks in 2021 - compared to 2020 - that involved the "weaponization of data," or theft of data that attackers threatened to leak on the internet if ransom demands were not met, Meyers says in an interview with Information Security Media Group discussing highlights of CrowdStrike's recently issued 2022 Global Threat Report.
"The weaponization of data, particularly in the healthcare sector, can have really profound impact on a victim, especially having to do with HIPAA-[covered] data," he says. "The ransom demand probably pales in comparison to the cost of dealing with the litigation and the regulatory and compliance issues that come."
Data weaponization is a way for attackers to establish control over the attack situation, especially since many organizations hit with ransomware encryption have refused to pay ransoms if they're able to restore their affected data through backups, Meyers says.
Sub-Targets
While some organizations - such as doctor practices and hospitals - have become a hot spot for ransomware and data leak attacks, Meyers says other healthcare sector players - such as pharmaceutical companies and medical research and development entities - have become the bull's-eye for attacks involving intellectual property theft, especially during the COVID-19 pandemic.
"We've observed numerous nation-state actors targeting those types of organizations," he says.
In the interview, Meyers also discusses:
- How TTPs are evolving, especially those of Chinese nation-state threat actors (see: How Chinese, Russian Threat Actors Changed Tactics);
- Why some organizations leveraging "strong" identity controls, such as zero trust, have had better outcomes in protecting data against some of these attacks;
- Security considerations related to the escalating Russia-Ukraine conflict.
As CrowdStrike's senior vice president of intelligence, Meyers directs a geographically dispersed team of cyberthreat experts tracking criminal, state-sponsored and nationalist cyber adversary groups across the globe to produce actionable intelligence. He also oversees the development and deployment of AI, machine learning, reverse engineering, natural language processing and other technologies to detect suspicious and malicious cyber behavior.