April 24, 2024

As cyberattacks on healthcare companies rise, threat intelligence can raise the barrier for entry

By Jason Harrison

The healthcare industry has a serious cybersecurity problem. Weekly cyberattacks on US healthcare entities have risen 86% since 2021, according to Insider Intelligence.[1] Organizations are now suffering an average of 1,410 attacks each week, and the story is much the same globally.

Healthcare’s current vulnerability to cyberattacks stems partly from the fact that it has not historically faced the same pressure to invest heavily in cybersecurity as other sectors. Instead, the majority of its resources were rightly focused on improving patient care and saving lives. Now, however, the situation has changed.

The COVID-19 pandemic propelled a massive surge in telehealth adoption and, despite the loosening of social distancing restrictions, this trend has persisted into 2023. The American Journal of Managed Care reports that national telehealth utilization increased 7.3% month-over-month in January of this year.[2] Healthcare organizations have also increasingly partnered with third-party technology vendors to modernize their operations and reach more patients. And while technology can provide several advantages for healthcare entities, it also comes with serious risks if not properly secured.

As healthcare entities incorporate more digital solutions into their daily practice, they also broaden their attack surface. Cybercriminals are constantly scanning environments to find vulnerabilities that allow them to infiltrate a network. Healthcare entities represent an attractive target due to the amount of sensitive patient data they store.

Healthcare organizations need the latest threat intelligence to understand what their risks are and what steps they need to take to harden their security posture. Read on to learn how.

What is threat intelligence and why does it matter?

Cyber threat intelligence (CTI) encompasses the data and analysis that gives security teams a comprehensive view of their threat landscape. This data can come from any number of sources, including open-source threat intelligence, threat intelligence feeds, and even in-house analysis. The better this data is aggregated and made useful, the better the threat intel. With a view of all their data, organizations can use CTI to make more informed decisions about how to prepare for, detect, and respond to cyberattacks.

At Microsoft, we collect 65 trillion security signals daily from across the global threat landscape to discover new and emerging threats. Additionally, we deploy a team of 8,000+ security researchers, analysts, and threat hunters who analyze this information to uncover timely and hyper-relevant insights for our healthcare customers.

After all, while it’s useful to know about individual threat actors or attack vectors, it is even more impactful to examine the commonalities across these disparate pieces of data. For example, a recent Microsoft report examined high-profile ransomware attacks against critical infrastructure, healthcare and IT service providers to uncover a new ransomware model: ransomware as a service (RaaS).

Essentially, RaaS capitalizes on the industrialization of the cybercrime economy by allowing a single ransomware group to develop the ransomware payload. These crime syndicates provide services for payment and extortion via data leakage to other cybercriminals, who are then responsible for launching the ransomware attacks in exchange for a cut of the profits.

Examining the broader ransomware economy in this way allows security teams to better understand what steps they need to take to protect their own operations. In the case of RaaS, we found that attackers were most often capitalizing on organizations’ poor cyber hygiene, including infrequent patching and failure to implement multifactor authentication. Security teams can use this knowledge to take steps to strengthen their identity controls and implement better cyber hygiene practices to counter the threat.

How to start your threat intelligence journey

While implementing a robust CTI program can feel overwhelming at times, it is a critical part of creating a safe and secure experience for healthcare entities and patients alike. Following are three tips to get you started on your threat intelligence journey:

  • Understand your landscape: There’s an old adage in security: “You can’t protect what you don’t know.” This is especially true in healthcare. Many healthcare organizations partner with third-party vendors and suppliers for medical devices, patient record-keeping software, outsourced patient services and more. This interdependence on outside technology partners and the business supply chain, combined with overall IT sprawl and the expansion of smart medical devices, has created an extensive attack surface for defenders to monitor and protect. CTI can help provide the visibility for healthcare entities to better defend themselves.
  • Capitalize on automation: Automation enables security teams to incorporate CTI into their existing security strategies. Most security products protect against a certain threat or secure a specific target. However, cyberattacks are frequently multi-threaded and can often go undetected until there is a serious breach. By utilizing automation in concert with CTI, companies can find the weaknesses in their defenses and uncover their most likely attack vectors. This enables them to discover and respond to threats proactively and rapidly while adapting to new and emerging CTI.
  • Spread the wealth: At its core, cybersecurity is a team sport. Communicating openly and honestly about the latest attack vectors and threat groups benefits us all because it leaves threat actors with fewer places to hide. If we want to harden our collective security posture, healthcare entities and leading security vendors will need to work alongside other sectors to share their threat intel knowledge and implement cybersecurity best practices.

As healthcare entities move to harden their defenses and raise the barrier for entry against future cyberattacks, CTI can be leveraged in concert with existing security solutions. This helps to ensure that organizations are knowledgeable about current threats and equipped with the necessary strategies to defend against them.


  1. Phillips, L. January 27, 2023. Healthcare cybersecurity in 2023: Hive’s shutdown is good news but cyberattacks are only getting worse. Insider Intelligence. https://www.insiderintelligence.com/content/healthcare-cybersecurity-2023-hive-s-shutdown-good-news-cyberattacks-only-getting-worse.
  2. Gelburd, R. April 4, 2023. Contributor: Telehealth utilization grew 7% nationally in January 2023. American Journal of Managed Care. https://www.ajmc.com/view/contributor-telehealth-utilization-grew-7-nationally-in-january-2023.
