Health-ISAC, a nonprofit, member-driven organization, has published its annual cyber threat report on current and emerging threat activity in collaboration with Booz Allen Hamilton Cyber Threat Intelligence.

The annual threat report enables healthcare security professionals worldwide to ensure operational resilience by enhancing situational awareness and strengthening their ability to detect, mitigate and respond to cyber threats.

Further reading: Confronting the Healthcare Cybersecurity Labor Shortage

Health-ISAC’s Current and Emerging Healthcare Cyber Threat Landscape report reviews and analyzes the cybercriminal, geopolitical and nation state threats healthcare organizations currently face, as well as threats on the horizon, such as product abuse and synthetic accounts. As noted in the report, an increase in connected medical devices also increases the attack surface of healthcare institutions. While newer medical device designs have improved cybersecurity controls, organizations must prepare for and defend across a broad spectrum of technology while also dealing with software end-of-life issues in legacy medical devices and the many cyber threats detailed in the report.

“Healthcare professionals can use the Health-ISAC annual threat report to not only stay ahead of the day-to-day threats facing the health sector but they can use the information strategically to communicate long-term challenges the sector is facing and help justify additional investments in cyber security spending and where more resources are needed—all in the name of improving patient safety and security,” says Denise Anderson, Health-ISAC president and CEO.

The report was published for Health-ISAC members only in February. A public, executive summary was released as part of this press announcement.

“While cyber adversaries continue to get more creative as shown in Health-ISAC’s annual threat report, simple attacks, like social engineering, are unfortunately still very effective. Information security practitioners who believed multi-factor authentication was the silver bullet are now reeling from major breaches that leveraged social engineering and technical measures to defeat it,” says Errol Weiss, chief security officer at Health-ISAC.

“All of this spells the need for continuous awareness—we need to stay on top of new threats and attack techniques, and most importantly, active information sharing that provides for community defense that will ultimately help improve the resilience of our healthcare sector networks,” Weiss adds.