The 2020 Spotlight Report on Healthcare

HIGHLIGHTS

• There is an increase in the upward trending of command-and-control behaviors, which indicate remote access of internal system and a doubling of data exfiltration behaviors, which indicates that data is leaving internal healthcare networks to external destinations like cloud services.
• Comparing the rate of growth in data exfiltration behaviors across all industries in 2020 shows that the dramatic increase within healthcare organizations is unique.
• Lateral movement detections, the strongest indicator that threats are spreading inside a compromised infrastructure and propagating across internal devices, remain relatively flat with a slight decrease in May.
• There is a significant increase in smash-and-grab behavior, which occurs when a large volume of data is sent to an uncommon external destination, like a hosted cloud site, in a short period of time.
• Also increased is data smuggler activities, a behavior that occurs when an internal host device consolidates a large amount of data from one or more internal servers and subsequently sends a significant amount of data to an unexpected external system.