Cyber Risk in the Healthcare Sector

Understand more about cyber risk in this sector.

Cyber Risk Graph

Explore how this sector relates to the wider risk graph

Threat Reports

Publicly available threat reporting on cyber attacks against Healthcare.

Report

APT45: North Korea’s Digital Military Machine

This report from threat intelligence analysts at Google's Mandiant marks the graduation of this cyber actor to a fully designated APT - APT45. The ...

View Source

Report

GOLD IONIC DEPLOYS INC RANSOMWARE

This blog post from Secureworks describes the intrusion set they track as GOLD IONIC, also known as INC Ransom Group. The post outlines GOLD IONIC ...

View Source

Report

APT41 (Double Dragon): A Dual Espionage and Cyber Crime Operation

This 2022 report by researchers at FireEye threat intelligence outlines the intrusion set they designate as APT41. They describe the group as 'a ...

View Source

Report

Unveiling TeleBoyi: Chinese APT Group Targeting Critical Infrastructure Worldwide

This presentation from TeamT5 describes the intrusion set they refer to as TeleBoyi and was presented at JPCERT's JSAC2024 conference on January ...

View Source

Report

Threat Assessment: EKANS Ransomware

This threat assessment from researchers at Palo Alto's Unit 42 covers the EKANS ransomware. According to the report, EKANS was first observed in ...

View Source

Report

Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks

This article by researchers at Trend Micro discusses an Advanced Persistent Threat (APT) group they name Earth Krahang who have been observed ...

View Source

Report

StopRansomware: ALPHV Blackcat

This '#StopRansomware' advisory from CISA and partners outlines technical details and mitigations for the ALPHV Blackcat 'Ransomware as a ...

View Source

Report

StopRansomware: Rhysida Ransomware

This is a joint Cybersecurity Advisory by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and ...

View Source

Report

StopRansomware: Phobos Ransomware

This is a joint Cybersecurity Advisory produced by CISA, the FBI and the Multi-State Information Sharing and Analysis Center (MS-ISAC). It ...

View Source

Report

APT37 (REAPER) - The Overlooked North Korean Actor

This special report by FireEye discusses an investigation into APT37, a suspected North Korean cyber espionage group. According to the report, ...

View Source

Report

SVR cyber actors adapt tactics for initial cloud access

This advisory from the UK's National Cyber Security Centre (NCSC) outlines tactics, techniques and procedures (TTPs) used by the cyber actors ...

View Source

MITRE ATT&CK Techniques

MITRE ATT&CK techniques observed in use against Healthcare.

Search:

ATT&CK ID	Title	Associated Tactics
T1080	Taint Shared Content	Lateral Movement
T1119	Automated Collection	Collection
T1053	Scheduled Task/Job	Execution, Persistence, Privilege Escalation
T1204	User Execution	Execution
T1486	Data Encrypted for Impact	Impact
T1057	Process Discovery	Discovery
T1083	File and Directory Discovery	Discovery
T1005	Data from Local System	Collection
T1595.003	Wordlist Scanning	Reconnaissance
T1020	Automated Exfiltration	Exfiltration
T1566.002	Spearphishing Link	Initial Access
T1087.002	Domain Account	Discovery
T1036.007	Double File Extension	Defense Evasion
T1583.001	Domains	Resource Development
T1059.006	Python	Execution
T1210	Exploitation of Remote Services	Lateral Movement
T1003.001	LSASS Memory	Credential Access
T1574.002	DLL Side-Loading	Defense Evasion, Persistence, Privilege Escalation
T1110.003	Password Spraying	Credential Access
T1059.001	PowerShell	Execution
T1543.003	Windows Service	Persistence, Privilege Escalation
T1059.003	Windows Command Shell	Execution
T1586.002	Email Accounts	Resource Development
T1584.004	Server	Resource Development
T1112	Modify Registry	Defense Evasion
T1078	Valid Accounts	Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1608.005	Link Target	Resource Development
T1078.003	Local Accounts	Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1036.005	Match Legitimate Name or Location	Defense Evasion
T1053.005	Scheduled Task	Execution, Persistence, Privilege Escalation
T1003.002	Security Account Manager	Credential Access
T1588.001	Malware	Resource Development
T1033	System Owner/User Discovery	Discovery
T1595.002	Vulnerability Scanning	Reconnaissance
T1588.003	Code Signing Certificates	Resource Development
T1592	Gather Victim Host Information	Reconnaissance
T1505.003	Web Shell	Persistence
T1087.001	Local Account	Discovery
T1021.006	Windows Remote Management	Lateral Movement
T1047	Windows Management Instrumentation	Execution
T1539	Steal Web Session Cookie	Credential Access
T1133	External Remote Services	Initial Access, Persistence
T1140	Deobfuscate/Decode Files or Information	Defense Evasion
T1608.001	Upload Malware	Resource Development
T1608.002	Upload Tool	Resource Development
T1569.002	Service Execution	Execution
T1583.003	Virtual Private Server	Resource Development
T1595.001	Scanning IP Blocks	Reconnaissance
T1203	Exploitation for Client Execution	Execution
T1204.002	Malicious File	Execution

Showing 1 to 50 of 113 entries