Advanced persistent threat groups are targeting healthcare organizations, the Department of Homeland Security warned in a May advisory.
Malicious actors are on the hunt for valuable research, pharmaceutical and patient data, according to the agency. The threat is so great that DHS recommends all healthcare and academic organizations strengthen their passwords to guard against misuse.
One method hackers use is known as “password spraying,” a brute-force attack involving a single and commonly used password against many accounts before an attacker pivots to try a second password, and so on. Password spraying allows threat actors to remain undetected by avoiding rapid or frequent account lockouts.