Cyber Risk in the Healthcare Sector

Understand more about cyber risk in this sector.

Cyber Risk Graph

Explore how this sector relates to the wider risk graph

Threat Reports

Publicly available threat reporting on cyber attacks against Healthcare.

Report

APT45: North Korea’s Digital Military Machine

This report from threat intelligence analysts at Google's Mandiant marks the graduation of this cyber actor to a fully designated APT - APT45. The ...

View Source
Report

GOLD IONIC DEPLOYS INC RANSOMWARE

This blog post from Secureworks describes the intrusion set they track as GOLD IONIC, also known as INC Ransom Group. The post outlines GOLD IONIC ...

View Source
Report

APT41 (Double Dragon): A Dual Espionage and Cyber Crime Operation

This 2022 report by researchers at FireEye threat intelligence outlines the intrusion set they designate as APT41. They describe the group as 'a ...

View Source
Report

Unveiling TeleBoyi: Chinese APT Group Targeting Critical Infrastructure Worldwide

This presentation from TeamT5 describes the intrusion set they refer to as TeleBoyi and was presented at JPCERT's JSAC2024 conference on January ...

View Source
Report

Threat Assessment: EKANS Ransomware

This threat assessment from researchers at Palo Alto's Unit 42 covers the EKANS ransomware. According to the report, EKANS was first observed in ...

View Source
Report

Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks

This article by researchers at Trend Micro discusses an Advanced Persistent Threat (APT) group they name Earth Krahang who have been observed ...

View Source
Report

StopRansomware: ALPHV Blackcat

This '#StopRansomware' advisory from CISA and partners outlines technical details and mitigations for the ALPHV Blackcat 'Ransomware as a ...

View Source
Report

StopRansomware: Rhysida Ransomware

This is a joint Cybersecurity Advisory by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and ...

View Source
Report

StopRansomware: Phobos Ransomware

This is a joint Cybersecurity Advisory produced by CISA, the FBI and the Multi-State Information Sharing and Analysis Center (MS-ISAC). It ...

View Source
Report

APT37 (REAPER) - The Overlooked North Korean Actor

This special report by FireEye discusses an investigation into APT37, a suspected North Korean cyber espionage group. According to the report, ...

View Source
Report

SVR cyber actors adapt tactics for initial cloud access

This advisory from the UK's National Cyber Security Centre (NCSC) outlines tactics, techniques and procedures (TTPs) used by the cyber actors ...

View Source

MITRE ATT&CK Techniques

MITRE ATT&CK techniques observed in use against Healthcare.

ATT&CK ID Title Associated Tactics
T1080 Taint Shared Content Lateral Movement
T1119 Automated Collection Collection
T1053 Scheduled Task/Job Execution, Persistence, Privilege Escalation
T1204 User Execution Execution
T1486 Data Encrypted for Impact Impact
T1057 Process Discovery Discovery
T1083 File and Directory Discovery Discovery
T1005 Data from Local System Collection
T1595.003 Wordlist Scanning Reconnaissance
T1020 Automated Exfiltration Exfiltration
T1566.002 Spearphishing Link Initial Access
T1087.002 Domain Account Discovery
T1036.007 Double File Extension Defense Evasion
T1583.001 Domains Resource Development
T1059.006 Python Execution
T1210 Exploitation of Remote Services Lateral Movement
T1003.001 LSASS Memory Credential Access
T1574.002 DLL Side-Loading Defense Evasion, Persistence, Privilege Escalation
T1110.003 Password Spraying Credential Access
T1059.001 PowerShell Execution
T1543.003 Windows Service Persistence, Privilege Escalation
T1059.003 Windows Command Shell Execution
T1586.002 Email Accounts Resource Development
T1584.004 Server Resource Development
T1112 Modify Registry Defense Evasion
T1078 Valid Accounts Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1608.005 Link Target Resource Development
T1078.003 Local Accounts Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1036.005 Match Legitimate Name or Location Defense Evasion
T1053.005 Scheduled Task Execution, Persistence, Privilege Escalation
T1003.002 Security Account Manager Credential Access
T1588.001 Malware Resource Development
T1033 System Owner/User Discovery Discovery
T1595.002 Vulnerability Scanning Reconnaissance
T1588.003 Code Signing Certificates Resource Development
T1592 Gather Victim Host Information Reconnaissance
T1505.003 Web Shell Persistence
T1087.001 Local Account Discovery
T1021.006 Windows Remote Management Lateral Movement
T1047 Windows Management Instrumentation Execution
T1539 Steal Web Session Cookie Credential Access
T1133 External Remote Services Initial Access, Persistence
T1140 Deobfuscate/Decode Files or Information Defense Evasion
T1608.001 Upload Malware Resource Development
T1608.002 Upload Tool Resource Development
T1569.002 Service Execution Execution
T1583.003 Virtual Private Server Resource Development
T1595.001 Scanning IP Blocks Reconnaissance
T1203 Exploitation for Client Execution Execution
T1204.002 Malicious File Execution
T1068 Exploitation for Privilege Escalation Privilege Escalation
T1114 Email Collection Collection
T1071.001 Web Protocols Command and Control
T1069.002 Domain Groups Discovery
T1534 Internal Spearphishing Lateral Movement
T1199 Trusted Relationship Initial Access
T1656 Impersonation Defense Evasion
T1573 Encrypted Channel Command and Control
T1007 System Service Discovery Discovery
T1572 Protocol Tunneling Command and Control
T1190 Exploit Public-Facing Application Initial Access
T1590 Gather Victim Network Information Reconnaissance
T1566.001 Spearphishing Attachment Initial Access
T1105 Ingress Tool Transfer Command and Control
T1586 Compromise Accounts Resource Development
T1555 Credentials from Password Stores Credential Access
T1557 Adversary-in-the-Middle Collection, Credential Access
T1598 Phishing for Information Reconnaissance
T1558 Steal or Forge Kerberos Tickets Credential Access
T1564.003 Hidden Window Defense Evasion
T1219 Remote Access Software Command and Control
T1587 Develop Capabilities Resource Development
T1021.004 SSH Lateral Movement
T1657 Financial Theft Impact
T1021.001 Remote Desktop Protocol Lateral Movement
T1070.001 Clear Windows Event Logs Defense Evasion
T1069.001 Local Groups Discovery
T1016 System Network Configuration Discovery Discovery
T1566 Phishing Initial Access
T1482 Domain Trust Discovery Discovery
T1003.003 NTDS Credential Access
T1055.002 Portable Executable Injection Defense Evasion, Privilege Escalation
T1018 Remote System Discovery Discovery
T1070.004 File Deletion Defense Evasion
T1562 Impair Defenses Defense Evasion
T1027.002 Software Packing Defense Evasion
T1001.003 Protocol Impersonation Command and Control
T1562.004 Disable or Modify System Firewall Defense Evasion
T1567.002 Exfiltration to Cloud Storage Exfiltration
T1110 Brute Force Credential Access
T1560 Archive Collected Data Collection
T1082 System Information Discovery Discovery
T1055.004 Asynchronous Procedure Call Defense Evasion, Privilege Escalation
T1547.001 Registry Run Keys / Startup Folder Persistence, Privilege Escalation
T1588.002 Tool Resource Development
T1490 Inhibit System Recovery Impact
T1027.009 Embedded Payloads Defense Evasion
T1106 Native API Execution
T1555.003 Credentials from Web Browsers Credential Access
T1134.002 Create Process with Token Defense Evasion, Privilege Escalation
T1218.005 Mshta Defense Evasion
T1003.005 Cached Domain Credentials Credential Access
T1134.001 Token Impersonation/Theft Defense Evasion, Privilege Escalation
T1555.005 Password Managers Credential Access
T1593 Search Open Websites/Domains Reconnaissance
T1048 Exfiltration Over Alternative Protocol Exfiltration
T1585 Establish Accounts Resource Development
T1071.002 File Transfer Protocols Command and Control
T1090.002 External Proxy Command and Control
T1098.005 Device Registration Persistence, Privilege Escalation
T1621 Multi-Factor Authentication Request Generation Credential Access
T1528 Steal Application Access Token Credential Access
T1078.004 Cloud Accounts Defense Evasion, Initial Access, Persistence, Privilege Escalation