The truth about cyberattacks on the healthcare sector in India

Cyberattacks on the healthcare sector in India are rising, and there are many reasons for this. Right now, India is ranked 11th among the top 20 most targeted nations in the healthcare sector in the world. (The IoT and OT Global Threat Landscape Assessment Report 2022.)

While the sector has attracted attention from APT actors globally, most attacks are still driven by unaffiliated or loosely affiliated actors who are after a ransom. Healthcare providers, insurers, and even small clinics and online pharma companies are being targeted to obtain information and to target providers and service users. 

Data criticality and the cost of systems force healthcare organizations to pay up the ransom just to get back on their feet.  

While some data is floating around on the volume of attacks on this sector in India, we have not seen any data being shared on the actual attacks that were occurring. This is why we have put this post together: (a) to help healthcare industry participants understand the nature of the evolving threat landscape in the country, and (b) to drive awareness of the urgent need to respond to the rising cyber threats and to prevent more attacks from occurring.

Here are the top trends and data on attacks on the healthcare sector in India:

  1. Hackers are hoarding data such as patient files (including those related to children), payment information, asset landscape information, and hardware and application procurement plans. A small portion of this data is being offered for sale while the rest of it is getting stored ostensibly for use in the future   
  2. Data on procurement plans are being offered for sale on closed platforms
  3. Signs of APT 41 activity in complex healthcare systems were registered in a few instances in August, June, and May this year. The activity was restricted to scans. APT 41 is, however, keeping a sharp vigil on the pharma sector in the country, as evidenced by over 7000 intrusion attempts logged in May this year.
  4. Documents from a healthcare provider in the national capital turned up on the Dark Web after an employee clicked on a rigged link   
  5. Over 14 million records could already be compromised in the last 13 episodes
  6. 99 breach attempts were logged on an Insulin Pump System (the target was the communication system) in our honeypot
  7. In the case of an imaging device manufactured by a large OEM, it was found that the devices were leaking data and device diagnostic information to a server in the Macau islands
  8. New vulnerabilities identified by Sectrio’s researchers in the TCP/IP stacks of networked devices (belonging to 3 families of equipment) could allow attackers to engage in remote code execution, denial of service attacks, and even leak data
  9. Sectrio estimates that anywhere between 23-50 GB of data is leaving Indian shores each week through leaky networked devices without authorization
  10. Hackers are reusing the publicly available personally identifiable information (PII) along with social engineering, phishing, and targeted attacks to impersonate victims in order to gain access to their payment information

Why is the healthcare sector being targeted in India?

There are many reasons for this. Here are a few:

  1. Healthcare providers are a single source of very important data in addition to payment information
  2. The rising value of patient information. Today, hackers are selling blocks of such information for as high as 750 USD for a complete data stack belonging to 1000 individuals. The value of such data in 2019 was 99 USD
  3. Such data is often stored on systems with poor security. In one case, data was uploaded to a cloud server that was exposed to the cloud service provider
  4. Hackers are after information on politically significant persons
  5. Networked devices being left unpatched
  6. Hackers are also using highly specific insurance policy data, including policy numbers, agent information, premium data, and more, to call victims and fleece them into paying premium renewal fees. In such calls, data on their health is either obtained or validated by hackers

With such a complex modus operandi, it comes as no surprise that Indian healthcare providers and victims are bleeding PII and more. Such information, once leaked, will return to haunt the victim and the provider.

Sign up for our one-on-one threat intelligence and security landscape briefing to learn more about such attacks.

Prayukth K V has been actively involved in productizing and promoting cross eco-system collaboration in the emerging tech and cybersecurity domains for over a decade. A marketer by profession and a published author, he has also proposed and promoted critical infrastructure protection strategies that rely on in-depth threat research and deflection strategies to deceive hackers and malware. Having been at the frontlines of cyber securing infrastructure, Prayukth has seen cyberattacks and defense tactics at close quarters.
