HC3 Analyst Note: Malvertising in Healthcare

The U.S. Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center (HC3) has issued an analyst note on malvertising, a term that combines “malicious” and “advertising.” This cyberattack method infiltrates legitimate ad networks to spread malware, exploiting user trust in reputable sites. The Healthcare and Public Health (HPH) sector is particularly vulnerable due to its reliance on digital technologies, which makes it hard for users to spot harmful ads. Malvertising can take various forms, including drive-by downloads, click-based exploits, click fraud, and phishing ads, along with search engine optimization (SEO) poisoning that directs users to malicious sites.

To combat these risks, healthcare organizations should implement strong security measures, raise user awareness about unknown ads, and ensure robust network segmentation. Enhancing browser security and developing an incident response plan are also essential. The consequences of malvertising in healthcare can be severe, resulting in data breaches, operational disruptions, and significant financial losses. Therefore, increasing awareness and adopting effective strategies are crucial to protect the sector from malvertising threats. For additional information, please reference the HC3 Analyst Note.