One of the most financially motivated healthcare hacking groups

A cybercrime group known as Vanilla Tempest is among the most financially motivated hacking organizations targeting the healthcare sector, according to a new report from Microsoft.

Advertisement

Microsoft released a white paper on March 5 examining cybersecurity issues facing rural hospitals. Here are six key takeaways from the report:

  1. Active since July 2022, Vanilla Tempest uses INC ransomware obtained through ransomware-as-a-service providers to attack hospitals and health systems.
  2. Vanilla Tempest is part of a broader landscape of cyber threats targeting healthcare. Other groups, including Lace Tempest, Sangria Tempest and Cadenza Tempest, use similar tactics such as RaaS and double extortion to exploit vulnerabilities within the sector.
  3. A Microsoft analysis of 13 hospital systems, including rural facilities, found that 93% of malicious activity targeting healthcare was linked to phishing campaigns and ransomware attacks.
  4. The report found that most cyber threats were delivered through email-based attacks.
  5. Rural hospitals are prime targets for cybercriminals, as outdated IT systems and limited resources make them vulnerable to attacks seeking highly sensitive patient data. Studies show that smaller healthcare providers—those with fewer than 500 employees—face a disproportionate share of cyber threats compared to larger health systems.
  6. There are about 1,000 independent rural hospitals that aren’t part of a larger network, and their IT solutions are often not connected to a bigger system. By focusing on the biggest security risks at these hospitals, which are some of the most vulnerable, a lot of the risk could be reduced. The report estimates that it would cost around $40 million to $45 million to fix these issues at those 1,000 hospitals. If this cost were applied to all 2,100 rural hospitals in the U.S., the total cost to address these urgent risks would be around $70 million to $75 million.
Advertisement

Next Up in Cybersecurity

Advertisement

Comments are closed.