The following is an excerpt from a post by Nate Winslow, the senior principal data scientist at Prevailion:
For the past few months, I’ve been monitoring the health care industry from a cyber risk perspective. A clear picture has emerged, which shows US and French hospitals having high risk. This is disturbing given that many of these hospitals are already facing a crisis of epidemic proportions.
The data I’ve been using to monitor the health care industry consists of intercepted communications to malicious internet domains. By analyzing the daily communications from hundreds of thousands of IP (Internet Protocol) addresses to these malicious domains, I can reconstruct a global view of computer network compromise (see the banner graphic above). This view has remarkable resolution at the city, country, company, and industry group levels. The line plot below shows the stage of compromise within the health care industry broken into 4 subsectors. The red line corresponds to hospitals. The hospitals subsector consistently has the highest stage of compromise within the health care industry.
Within the hospitals subsector, I have also been monitoring the hospitals with the highest stages of compromise. These hospitals are located in the United States and France. The final line plot below shows the stages of compromise for the most impacted hospitals. Stages of compromise range from 1 to 4 (similar to the stages of cancer). When an organization gets above stage 3, the evidence of compromise is very strong, and consistent with malware aggressively spreading within a network.
The above hospitals have computer networks displaying strong evidence of being infected with malware. These infections elevate the cyber risk for ALL hospitals, particularly those in the United States and France.
In the coming months, I will continue to monitor the health care industry and report on other industries observed to have high cyber risk (including the oil and gas industry as well as the pharmaceutical manufacturing industry).
For a deeper dive into Compromise Intelligence within this industry and others, look for our upcoming quarterly Apex Report, due out at the end of April.
Introduction: Prevailion’s Adversarial Counterintelligence Team (PACT) is using advanced infrastructure hunting techniques and Prevailion’s unparalleled visibility into threat actor infrastructure creation to uncover previously unknown domains associated with UNC1151 and the “Ghostwriter” influence campaign. UNC1151 is likely a state-backed threat actor  waging an ongoing and far-reaching influence campaign that has targeted numerous countries across […]
Prevailion CEO, Karim Hijazi, comments on lacking White House cybersecurity efforts Karim Hijazi lays out why Biden’s cybersecurity strategy lacks innovation and effectiveness to deal with modern adversaries already inside companies around the globe.