Dive Brief:
- The HHS’ Office of Information Security has released a report looking at the implications of automation for healthcare cybersecurity and how criminals are using artificial intelligence in their hacking activities.
- Cyberattackers are using AI to build better malware, the office said. The technology includes machine learning-enabled penetration testing tools, AI-supported password guessing and data to enable impersonation on social networking platforms.
- Hackers are also using automated software to identify valuable information such as emails, passwords, credit cards and personal data, according to the report.
Dive Insight:
Cyberattacks on healthcare providers are increasing in complexity and impact as they continue to rise in number. CommonSpirit Health this week disclosed that a ransomware attack first reported in early October exposed the personal information of more than 623,000 people.
The percentage of healthcare organizations reporting ransomware attacks nearly doubled last year to 66%, according to cybersecurity company Sophos.
Cyber threats to third parties such as medical device suppliers and supply chain vendors are also soaring, the American Hospital Association has warned.
The HHS report said one of the most common types of automated attacks involves the use of stolen passwords or fully automated password-cracking tools. Hackers may even use pre-made software designed for people with lower skill levels. Other pre-configured tools monitor user activity and harvest credentials.
While many automated cyber intelligence tools were created to help make systems more secure, plenty have been misused, the report said. It recommends adopting systems for security monitoring and alerting, vulnerability management, and network intrusion detection and prevention.