
The Growing Threat of Malware Targeting Healthcare Cloud Apps 


As Healthcare Moves to the Cloud, Malware Threats Escalate 

The healthcare sector's shift to cloud-based solutions has significantly enhanced the efficiency of operations, sharing of information, and patient services. Nonetheless, this swift shift has caught the attention of cyber attackers, who increasingly exploit healthcare cloud applications to execute malware.

The Rising Trend of Cloud Malware 

Findings from Netskope Threat Labs underscore a rising wave of malware attacks aimed at cloud-based healthcare tools. These attacks indicate an uptick in risks that could potentially lead to significant data breaches and interrupt critical patient services, posing a serious threat to healthcare institutions. 

Key Findings: 

  • On average, healthcare professionals interact with 22 applications monthly, and nearly half use Microsoft OneDrive daily. 
  • The healthcare sector is increasingly adopting Microsoft services, with OneDrive, Teams, and SharePoint emerging as the leading cloud applications among medical professionals.
  • In the healthcare sector, there has been a noticeable surge in malware incidents. Cloud apps are the conduit for nearly 40% of malware downloads via HTTP and HTTPS, a notable 10% increase from the previous year.
  • Malware delivery through cloud apps allows malicious actors to bypass security solutions such as email and URL filters, which do not typically inspect cloud traffic. 
  • The malware types most often delivered through cloud apps over the past 12 months are Trojans and Downloaders, which allow malicious actors to gain a foothold in the network.

The Allure of Healthcare Data 

Healthcare data is highly sought after by cybercriminals due to the valuable personal and financial information within Electronic Health Records, which can be used for identity theft and insurance fraud. A 2019 research paper published in the Annals of Internal Medicine reported that 94% of patients affected by a healthcare data breach since October 2009 had sensitive demographic information, such as Social Security Numbers or financial data, compromised during the breach.  

Healthcare providers are entrusted with safeguarding highly sensitive patient data and ensuring the continuity of critical care services. This makes them an attractive target for financially motivated cybercriminals deploying ransomware attacks. The fallout from such attacks can be devastating – the average ransom payout in healthcare ransomware incidents exceeds $1.4 million. Even more troubling, many healthcare organizations suffer repeat ransomware attacks despite paying the initial ransom. Worse still, paying the ransom is no guarantee of fully recovering encrypted data, with less than half of victims able to successfully retrieve all their files post-payment. 

Cloud Vulnerabilities Exploited 

Cloud computing delivers transformative benefits for healthcare entities, including enhanced data sharing, accessibility, scalability, and cost efficiencies. However, the cloud also introduces new cybersecurity risks that must be carefully managed. Misconfigurations leaving cloud resources unnecessarily exposed, lax access controls, and unpatched vulnerabilities in cloud software can all provide openings for threat actors to infiltrate healthcare cloud environments. 

Once inside, cybercriminals can deploy malware and move laterally to compromise other systems and data stores containing sensitive medical records, research data, and personally identifiable information.  

Defending Against Cloud Malware Threats 

Healthcare organizations must adopt a proactive and comprehensive approach to cloud security to combat the rising threat of cloud malware. Protecting healthcare cloud assets requires robust cloud security capabilities, including continuous monitoring, risk assessment, hardening, patching, and incident response. Key strategies include: 

  • Implementing robust access controls, least-privilege principles for cloud resources, and two-factor authentication. 
  • Utilizing encryption to protect data, both at rest and in transit, to prevent unauthorized access.
  • Deploying advanced threat detection and response solutions tailored for cloud environments. 
  • Conducting regular security audits and assessments to identify and remediate potential risks. 
  • Providing comprehensive cybersecurity training to employees to raise awareness and promote best practices. 

The healthcare industry’s reliance on cloud applications and services will continue to grow, making it imperative to prioritize cloud security. By staying vigilant and implementing strong security measures, healthcare organizations can better protect sensitive data, maintain service continuity, and safeguard patient trust.