Cyber Risk Heightens for US and French Hospitals

Image of hospital map - April 2020

The following is an excerpt from a post by Nate Winslow, the senior principal data scientist at Prevailion:

For the past few months, I’ve been monitoring the health care industry from a cyber risk perspective. A clear picture has emerged, which shows US and French hospitals having high risk. This is disturbing given that many of these hospitals are already facing a crisis of epidemic proportions.

The data I’ve been using to monitor the health care industry consists of intercepted communications to malicious internet domains. By analyzing the daily communications from hundreds of thousands of IP (Internet Protocol) addresses to these malicious domains, I can reconstruct a global view of computer network compromise (see the banner graphic above). This view has remarkable resolution at the city, country, company, and industry group levels. The line plot below shows the stage of compromise within the health care industry broken into 4 subsectors. The red line corresponds to hospitals. The hospitals subsector consistently has the highest stage of compromise within the health care industry.

 

 

Within the hospitals subsector, I have also been monitoring the hospitals with the highest stages of compromise. These hospitals are located in the United States and France. The final line plot below shows the stages of compromise for the most impacted hospitals. Stages of compromise range from 1 to 4 (similar to the stages of cancer). When an organization gets above stage 3, the evidence of compromise is very strong, and consistent with malware aggressively spreading within a network.

 

 

The above hospitals have computer networks displaying strong evidence of being infected with malware. These infections elevate the cyber risk for ALL hospitals, particularly those in the United States and France.

In the coming months, I will continue to monitor the health care industry and report on other industries observed to have high cyber risk (including the oil and gas industry as well as the pharmaceutical manufacturing industry).


For a deeper dive into Compromise Intelligence within this industry and others, look for our upcoming quarterly Apex Report, due out at the end of April.

The Latest

Prevailion CEO, Karim Hijazi, discusses China hacking Microsoft Exchange

Hijazi discusses Microsoft hack parallels with SolarWinds and how China and Russia likely execute their cyber campaigns.

Prevailion CEO, Karim Hijazi, discusses China’s attack on Microsoft

See Prevailion CEO, Karim Hijazi, comment on how nation states use proxy groups to compromise organizations through weaker supply chain points.

Prevailion CEO, Karim Hijazi, discusses second Solar Wind hack

See Prevailion CEO, Karim Hijazi, weigh in on a second solar winds hack and how elite hacker groups have likely already compromised many top companies around

Copyright 2021 Prevailion, Inc. All rights reserved.    

Disclaimer: Gartner “Cool Vendors in Security Operations and Threat Intelligence,” Mitchell Schneider, Ruggero Contu, John Watts, Craig Lawson, October 13, 2020. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner Disclaimer: The GARTNER COOL VENDOR badge is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.