Cybersecurity threats taxonomy & threat actors
The SPHINX project labels the cybersecurity threats that a healthcare organisation may face as the outcome of either a malicious action (i.e. malware, hijacking, data theft, DoS/DDoS), a human error (configuration error, unauthorized access, BYOD), a system failure (i.e. overload, software and/or firmware failure, outdated systems), a supply chain failure (i.e. cloud service failure, procurement error, power outage) or damage due to natural phenomena (i.e. earthquake, flood, fire).
In addition to the above taxonomy, SPHINX follows a common categorisation of threat actors. From a threat intelligence perspective, a threat actor or malicious agent is a person or entity that is responsible for an event or incident that impacts, or has the potential to impact, the safety or security of critical assets. In this context, the agents that can be considered threat actors include government-sponsored attackers motivated by political, economic, technical or military agendas; organised cyber-criminals driven by black-market profit; extremist groups active in cyber terrorism; hacktivists; opportunistic attackers; insider threat actors; and even negligent internal users who do not follow the proper security protocols.
Hence, SPHINX focuses its vulnerability assessment and threat identification functions on four main types of threat actors:
Insider threats: These are threat actors operating within the healthcare organisation, namely employees and suppliers, that have a malicious intent to disrupt healthcare service delivery by causing harm to the organisation’s IT systems. These are potentially the most harmful threat actors, ranging from physicians, nurses and administrative staff to third-party suppliers (cleaners, security guards, catering suppliers);
Malicious external users: These threat actors are part of the healthcare organisation’s ecosystem, namely patients and their visiting guests, that have a malicious intent to disrupt healthcare service delivery by causing harm to the organisation’s IT systems. Because of their privileged access to the healthcare organisation’s critical assets, these actors’ malicious actions can have great impact;
Remote attackers: These threat actors include amateur and professional criminals that, while not physically present at the healthcare organisation’s facilities, are able to exploit vulnerabilities within the healthcare service provider’s interconnected health ecosystem and gain access to the overall IT system to disrupt healthcare service delivery for profit and personal notoriety;
Others: These threat actors are not human but natural causes leading to equipment and system failures, including heavy storms, fire, flood or earthquake incidents.
More information about the cyber threat taxonomy and threat actors can be found in Deliverable 2.4, which is publicly available here.