As the world races towards a coronavirus vaccine, the healthcare industry has remained a focal point for cybercriminals. According to Cybersixgill’s data, references to healthcare on the underground through the first nine months of 2020 have increased by 52%, compared to all of 2019.
The deep and dark web offers fertile grounds for threat actors to share and discuss exploit codes for vulnerabilities which can impact critical infrastructure, leading to dangerous and even deadly consequences, as may have been the case in the September ransomware attack on a German hospital.
Malicious discourse on the underground related to the healthcare industry generally includes leaked data, the selling of access to healthcare systems that can be used for attacks, and exploits targeting medical devices.
This report investigates these aspects of the healthcare industry on the underground and delves into why the industry is frequently targeted and why it remains vulnerable.