In 2021, healthcare providers saw a 121% spike in malware and were the prime target of IoT malware attacks with a 71% year-over-year increase, according to SonicWall’s 2022 Cyber Threat Report.

A developer of internet appliances for content control and network security, SonicWall explored the vulnerability of the healthcare industry in its biannual report. It found that an average 16.3% of healthcare customers were the targets of malware attacks in any given month. Additionally, it says that hospitals and health systems have seen higher increases in other types of cyber threats.

“The HHS breach report highlights all reported cases of a breach in the health sector under investigation, of which there are currently 151 for 2022. What's more alarming is that at the time of this report, there appears to be a staggering 8 million “individuals affected” for the year of 2022,” Immanuel Chavoya, threat detection and response strategist for SonicWall, told HCB News.
Compared to healthcare, the government experienced a 46% increase in IoT malware, and both education and retail saw these attacks rise by 28%. Chavoya says this may be because healthcare IT and IoT infrastructure is complex, overburdened and limited by legacy systems that are no longer being upgraded. These legacy systems often require specialized staff to continue to operate them. Additionally, many hospitals use connected devices from third-party providers, which makes it difficult to maintain the same cybersecurity standards universally.

But despite seeing the largest jump in such attacks, healthcare had the lowest percentage of customers targeted by them. The authors say this may be because of the fact that providers often keep IoT devices on their own separate and highly secured networks due to their life-and-death nature. This makes them largely inaccessible to other devices.

And even though it saw a huge increase in general malware attacks, it still was not the likeliest to experience such an attack with 16.3% reporting one in any given month, compared to 22.5% of educational institutions.

The sector also experienced a triple digit increase year-over-year in cryptojacking volume. Spread primarily through fileless malware, phishing attempts and malvertising, cryptojacking volume threats rose 19% globally for all industries to 97.1 million in 2021. This was the most attacks that SonicWall Capture Labs threat researchers have ever recorded in a single year.

Additionally, healthcare recorded over 2.6 million Log4J exploit attempts between December 2021 and January 2022. The attacks targeted a vulnerability in the Apache Log4j, a popular Full Open-Source Software (FOSS) logging library. Devices carrying the application became vulnerable when they went online, and some legacy products remained that way because they were no longer receiving updates. This includes some critical healthcare systems.

Health IT Homepage