Radware Ltd.

01/23/2025 | Press release | Distributed by Public on 01/23/2025 15:41

How healthcare data breaches in 2024 will influence the threat landscape for applications in 2025

2024 was not an easy year for cyber defenders in the healthcare industry. The sector became the prime target for ransomware attacks, and those attacks frequently ended in data breaches that exposed the PII of millions of patients to thousands of potential threat actors on deep and dark web forums. This article covers three major healthcare data breaches of 2024 and discusses their likely impact on the application threat landscape in 2025.

1. Change Healthcare Ransomware Attack - from credential stuffing to data breach

  • Attack Date and Vectors:
    • On February 21, 2024, Change Healthcare, a subsidiary of UnitedHealth Group, was hit by ransomware deployed by the ALPHV/BlackCat group. The attackers had gained initial access nine days earlier, on February 12, using stolen credentials for a Citrix remote access portal that lacked multifactor authentication.
  • Attack Flow:
    • Attackers obtained valid credentials for a Citrix remote access portal without multifactor authentication.
    • They accessed the network and moved laterally to identify critical systems.
    • Sensitive data, including usernames, email addresses, and passwords, was exfiltrated.
    • Ransomware was deployed, encrypting essential systems and disrupting operations.
  • Consequences:
    • Data Compromised: Personal information of over 100 million individuals, including usernames, email addresses, and passwords.
    • Financial Impact: UnitedHealth Group paid a reported $22 million ransom. The payment did not end the extortion: the affiliate behind the intrusion retained a copy of the stolen data, and a second demand followed.

2. Synnovis Ransomware Attack - from failed ransom negotiations to 300M patient records online

  • Attack Date and Vectors:
    • On June 3, 2024, the Russia-linked ransomware group Qilin attacked Synnovis, a London-based provider of pathology services to hospitals of the UK's National Health Service (NHS).
  • Attack Flow:
    • Qilin gained unauthorized access to Synnovis's network; the method of initial access has not been disclosed.
    • The attackers moved laterally within the network to identify and exfiltrate sensitive data, including patient records.
    • Ransomware was deployed, encrypting critical systems and disrupting pathology services.
    • After ransom negotiations failed, Qilin published the stolen data, described as containing approximately 300 million patient interactions, online.
  • Consequences:
    • Data Compromised: Records covering approximately 300 million patient interactions, including sensitive medical information.
    • Operational Impact: Over 1,100 planned operations and 2,194 outpatient appointments were postponed across multiple London hospitals. Ambulances were diverted, and there were urgent appeals for O-type blood donors because blood-matching tests could not be run.
  • Data Exposure:
    • After unsuccessful ransom negotiations, the exfiltrated data was published on Qilin's dark web leak site.

3. MediSecure Data Breach

  • Attack Date and Vectors:
    • In April 2024, MediSecure, an Australian provider of electronic prescription delivery services, suffered a large-scale cyberattack. The initial access vector has not been detailed in the available sources.
  • Attack Flow:
    • Attackers infiltrated MediSecure's systems and exfiltrated approximately 6.5 terabytes of data.
    • The compromised data included healthcare identifiers and details of prescribed medications.
    • Because of the volume and complexity of the data set, MediSecure was unable to identify the individuals affected and could not notify them directly.
  • Consequences:
    • Data Compromised: Approximately 12.9 million Australians were impacted, with exposed data including healthcare identifiers and prescription details.
    • Operational Impact: MediSecure entered voluntary administration in June 2024, citing financial constraints exacerbated by the breach.
  • Data Exposure:
    • A sample of the stolen data was reportedly published on the dark web; however, there is no indication that the entire dataset has been released.

Impact on 2025 Healthcare Application Threat Landscape

According to Google's latest research, over 84% of US adults reuse the same passwords across more than 12 different platforms, and the habit grows with age: older users are the most likely to recycle their passwords. The healthcare industry serves more senior citizens than any other sector.

These factors make credential-stuffing attacks against medical organizations' applications unusually successful, and threat actors know it. Credential stuffers are opportunistic: whenever a new database of patient information is published, they replay the leaked username and password pairs against patient portals at other healthcare organizations, and they use other compromised personally identifiable information (PII), which people often build their passwords from, to guess the passwords that were not leaked.
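The traffic pattern described above has a recognizable shape in an application's login logs: one source replaying many different usernames, almost all of them failing, with a handful of successes that correspond to patients who reused a leaked password. The following detector is an added example (it is not Radware code and not taken from the article); it assumes a hypothetical JSON-lines login log with the fields ts, src_ip, username and result, and the log lines, thresholds and field names are constructed for the example.

```python
"""Spot credential stuffing in web-application login logs.

Added example, not Radware code. Assumes a hypothetical JSON-lines
login log with fields ts, src_ip, username, result ("ok" / "fail").
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real traffic). Three sources:
#   203.0.113.7  replays 8 different usernames, one login succeeds
#   198.51.100.3 one patient mistypes a password, then logs in
#   192.0.2.9    hammers a single account (brute force, not stuffing)
SAMPLE_LOG = """\
{"ts":"2025-01-20T08:00:01Z","src_ip":"203.0.113.7","username":"alice@example.org","result":"fail"}
{"ts":"2025-01-20T08:00:02Z","src_ip":"203.0.113.7","username":"bob@example.org","result":"ok"}
{"ts":"2025-01-20T08:00:02Z","src_ip":"203.0.113.7","username":"carol@example.org","result":"fail"}
{"ts":"2025-01-20T08:00:03Z","src_ip":"203.0.113.7","username":"dave@example.org","result":"fail"}
{"ts":"2025-01-20T08:00:03Z","src_ip":"203.0.113.7","username":"erin@example.org","result":"fail"}
{"ts":"2025-01-20T08:00:04Z","src_ip":"203.0.113.7","username":"frank@example.org","result":"fail"}
{"ts":"2025-01-20T08:00:05Z","src_ip":"203.0.113.7","username":"grace@example.org","result":"fail"}
{"ts":"2025-01-20T08:00:05Z","src_ip":"203.0.113.7","username":"heidi@example.org","result":"fail"}
{"ts":"2025-01-20T08:01:10Z","src_ip":"198.51.100.3","username":"carol@example.org","result":"fail"}
{"ts":"2025-01-20T08:01:25Z","src_ip":"198.51.100.3","username":"carol@example.org","result":"ok"}
{"ts":"2025-01-20T08:02:00Z","src_ip":"192.0.2.9","username":"dave@example.org","result":"fail"}
{"ts":"2025-01-20T08:02:01Z","src_ip":"192.0.2.9","username":"dave@example.org","result":"fail"}
{"ts":"2025-01-20T08:02:02Z","src_ip":"192.0.2.9","username":"dave@example.org","result":"fail"}
{"ts":"2025-01-20T08:02:03Z","src_ip":"192.0.2.9","username":"dave@example.org","result":"fail"}
{"ts":"2025-01-20T08:02:04Z","src_ip":"192.0.2.9","username":"dave@example.org","result":"fail"}
{"ts":"2025-01-20T08:02:05Z","src_ip":"192.0.2.9","username":"dave@example.org","result":"fail"}
"""


def parse_log(text):
    """Parse JSON-lines login events, converting ts to datetime, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return sorted(events, key=lambda r: r["ts"])


def classify_sources(events, window=timedelta(minutes=5), min_attempts=5,
                     min_distinct_users=5, max_success_ratio=0.25):
    """Label each source IP by the busiest sliding window of its traffic.

    stuffing     many distinct usernames, mostly failures: leaked
                 username/password pairs replayed against this application
    brute_force  many attempts against one or two usernames, no success
    benign       everything else

    Returns {src_ip: {"label", "attempts", "distinct_users", "successes",
                      "compromised": [usernames that logged in from a stuffer]}}.
    """
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["src_ip"]].append(e)

    report = {}
    for ip, evs in by_ip.items():
        best, lo = None, 0
        for hi in range(len(evs)):
            while evs[hi]["ts"] - evs[lo]["ts"] > window:
                lo += 1
            span = evs[lo:hi + 1]
            successes = [e["username"] for e in span if e["result"] == "ok"]
            summary = {
                "attempts": len(span),
                "distinct_users": len({e["username"] for e in span}),
                "successes": len(successes),
                "compromised": sorted(set(successes)),
            }
            if best is None or summary["attempts"] > best["attempts"]:
                best = summary
        ratio = best["successes"] / best["attempts"]
        if (best["attempts"] >= min_attempts
                and best["distinct_users"] >= min_distinct_users
                and ratio <= max_success_ratio):
            best["label"] = "stuffing"
        elif best["attempts"] >= min_attempts and best["distinct_users"] <= 2 and ratio == 0:
            best["label"] = "brute_force"
        else:
            best["label"] = "benign"
            best["compromised"] = []
        report[ip] = best
    return report


def accounts_to_reset(report):
    """Accounts that authenticated from a stuffing source: the password was
    reused from a leak, so force a reset and require step-up authentication."""
    out = set()
    for summary in report.values():
        if summary["label"] == "stuffing":
            out.update(summary["compromised"])
    return sorted(out)


if __name__ == "__main__":
    rep = classify_sources(parse_log(SAMPLE_LOG))
    for ip, s in rep.items():
        print(ip, s["label"], s)
    print("force reset:", accounts_to_reset(rep))
```

The signal worth acting on is not the wall of failures but the rare success from a stuffing source: that account's owner reused a password that is already in an attacker's hands, and it needs a forced reset and step-up authentication, not just a rate limit. In production the per-IP grouping is too coarse, since stuffing tools rotate through residential proxies; the same logic applied per ASN, TLS fingerprint or device signature, together with a check of the submitted password against known-breached corpora, is what makes the classification hold up.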

In other words, credential stuffing preys on two types of users, and healthcare applications serve both in large numbers:

  1. Users who recycle passwords across different applications
  2. Users who build passwords from PII (a spouse's name, a family birthday, ID numbers)

Data from some of the breaches above has been published on deep and dark web forums with an active user base. Threat actors are already exploiting the PII from the 2024 breaches to guess new password combinations and to break into the victims' accounts elsewhere.

Every data breach at one healthcare organization raises the risk that every other organization in the industry will see increased credential-stuffing attacks against its patients' accounts.
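Both user types above can be caught at password-change time, which is the one moment a patient portal can refuse a password that the leaked data already gives away. The check below is an added example (not Radware code and not from the article): it rejects passwords found in a breach corpus using the same 5-character SHA-1 prefix lookup that range-query breach services use, and rejects passwords that contain the account holder's own PII in plain or leet-speak form. The breach corpus, the patient profile and the field names are constructed for the example; a real deployment would query a full corpus and draw the PII tokens from the patient record.

```python
"""Reject passwords that a post-breach credential stuffer would guess.

Added example, not Radware code. The breach corpus, profile fields and
sample profile are constructed for illustration.
"""
import hashlib
import re
from datetime import date

# Constructed breach corpus held as upper-case SHA-1 hex digests, the form
# in which leaked-password lists are normally distributed.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode("utf-8")).hexdigest().upper()
    for p in ["Password1", "Summer2024!", "qwerty123", "Welcome1"]
}

# Substitutions people use to disguise a word they were told not to use.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Constructed patient profile (assumed field names).
SAMPLE_PROFILE = {
    "first_name": "Maria", "last_name": "Rossi", "spouse_name": "Luca",
    "birth_date": date(1962, 3, 14), "spouse_birth_date": date(1960, 11, 2),
    "patient_id": "PAT-00481516", "city": "Toledo",
}


def sha1_range_hit(password, corpus=BREACHED_SHA1):
    """Range-style breach lookup: only the first 5 hex characters of the
    SHA-1 would leave the client; the suffix is compared locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    candidates = {h[5:] for h in corpus if h.startswith(prefix)}
    return suffix in candidates


def pii_tokens(profile):
    """Strings a person is likely to build a password from: names, dates in
    the common digit orders, and the digits of identifiers."""
    toks = set()
    for key in ("first_name", "last_name", "spouse_name", "city"):
        if profile.get(key):
            toks.add(profile[key].lower())
    for key in ("birth_date", "spouse_birth_date"):
        d = profile.get(key)
        if d:
            for fmt in ("%Y", "%d%m", "%m%d", "%d%m%Y", "%m%d%Y",
                        "%Y%m%d", "%d%m%y", "%m%d%y"):
                toks.add(d.strftime(fmt))
    for key in ("patient_id", "national_id", "phone"):
        if profile.get(key):
            digits = re.sub(r"\D", "", profile[key])
            if len(digits) >= 4:
                toks.update({digits, digits[-4:]})
    return {t for t in toks if len(t) >= 4}   # drop fragments too short to matter


def check_password(password, profile, corpus=BREACHED_SHA1, min_len=12):
    """Return the list of reasons the password is rejected (empty = accepted)."""
    reasons = []
    if len(password) < min_len:
        reasons.append(f"shorter than {min_len} characters")
    if sha1_range_hit(password, corpus):
        reasons.append("appears in a known breach corpus")
    lowered = password.lower()
    deleeted = lowered.translate(LEET)      # digits in date tokens are checked on `lowered`
    for tok in sorted(pii_tokens(profile)):
        if tok in lowered or tok in deleeted:
            reasons.append(f"contains personal data: {tok!r}")
    return reasons


if __name__ == "__main__":
    for pw in ["Summer2024!", "Luca14031962!", "Mar1@R0ss1!!", "correct-horse-battery-42"]:
        print(pw, "->", check_password(pw, SAMPLE_PROFILE) or "accepted")
```

The PII list is the part to take seriously after a breach like the ones above: once a patient's name, date of birth, family details and healthcare identifier are on a forum, every password built from them is effectively public, so the check should be fed with exactly the fields that were exposed.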

Summary

The healthcare data breaches of 2024 have set the stage for a surge in credential-stuffing attacks against healthcare applications in 2025. The exposure of millions of patients' sensitive information, combined with the sector's inherent weaknesses, has created fertile ground for opportunistic threat actors seeking to exploit recycled passwords and PII-based credentials. Healthcare organizations must remain vigilant, implementing robust security measures and educating users on the importance of unique, complex passwords to guard against credential-stuffing attacks in the post-breach landscape.

Kaiser Permanente Website Tracker Breach Affects 13.4 Million Individuals

UnitedHealth data breach leaked info on over 100 million people

12.9m Aussies hacked in major data breach

Healthcare Cybersecurity: 2024 Was Tough, 2025 May Be Better

How Healthcare Cyberattacks Broke Records in 2024

Posted in: Threat Intelligence