Tenable is spotlighting a shift in cybercriminal tactics to target healthcare institutions across the APAC region

Tenable’s latest Threat Landscape report revealed that healthcare was the top-targeted sector for ransomware attacks in 2022, contributing to 35.4% of all breach events analyzed. 

This was a sharp increase from its previous contribution of 24% of all breach events in the previous year.

The recent wave of cyberattacks on healthcare institutions across Asia Pacific further underscores the urgency. This includes high-profile cyber incidents such as the 2023 Covid-19 vaccination portal breach in India which saw the unauthorized disclosure of healthcare and personal data of millions of individuals. 

Another example would be the cyber-attack on Hong Kong’s OT&P Healthcare group earlier this year, which could have exposed the personal data and medical history of over 100,000 patients. 

These breaches, amongst others, have potentially led to unauthorized disclosures of both healthcare and personal data on a massive scale. 

According to the IBM Security Cost of a Data Breach Report 2023, since 2020, healthcare data breach costs have surged by 53.3%. For the 13th consecutive year, the healthcare sector reported the highest data breach costs, with an average cost pegged at USD 10.93 million.

Nigel Ng, Vice President, Asia Pacific and Japan, Tenable, warned: “Cybercriminals have traditionally been attracted to high-yield targets such as the banking, finance, and pharmaceutical sectors. However, it’s become evident that their attention has been veering towards healthcare information, mainly because they recognize the slower pace at which healthcare providers in our region are adopting preventive cybersecurity measures.”

“The repercussions of cyberattacks are immense – from substantial financial losses to disruptions in essential medical services and compromising patient data. The fact that more people are being alerted about their personal information surfacing on the dark web further underscores the urgency of the situation,” Ng added.

With healthcare institutions across the region rapidly digitizing and introducing more technology into healthcare, the importance of strengthening cybersecurity cannot be emphasised enough. 

Take a proactive approach

As governments across the APAC region look into imposing stricter data-protection laws, it’s crucial that healthcare entities don’t just rely on the bare essentials. Ng emphasized the proactive approach: 

“While regulatory measures are essential, waiting for them might be detrimental. Healthcare organizations need to prioritize cybersecurity now. This involves regular risk assessments of the entire attack surface, consistent employee training, and continuous proactive monitoring.”

Tenable recommends that healthcare organizations in Asia Pacific take the following steps to protect themselves from cyberattacks:

    • Conduct regular risk assessments to identify vulnerabilities
    • Provide cybersecurity training to employees
    • Maintain continuous monitoring of systems to detect potential threats
    • Implement preventive and proactive measures to protect sensitive data, such as encryption and access controls
    • Have a plan in place to respond to a cyberattack

Highlighting the trust placed in healthcare institutions, Ng also pointed out: “Healthcare entities are more than just service providers. They are pillars of trust in our communities. Safeguarding against cyber threats isn’t just about data; it’s about ensuring the well-being of countless individuals and maintaining the seamless delivery of vital medical services.”