The cyber threat landscape presents unique challenges for the healthcare industry, which is why Flashpoint is proud to work with numerous leading healthcare organizations, including three of the top five U.S. health insurance providers. Flashpoint’s Trusted Intelligence derived from online illicit communities and chat services empowers healthcare organizations to bolster security, inform strategic decisions, gain complete visibility of industry-specific threats and actors, and mitigate risk.

Below are examples of the types of threats Flashpoint helps healthcare customers address:


Ransomware has become one of the most common yet detrimental threats to healthcare. While cybercriminals have been stealing and selling healthcare data for years, many have realized that healthcare organizations eager to regain access to critical data may be willing to pay ransoms worth more than the data’s black-market value. Ransomware attacks can ultimately yield sizable financial losses, damaged brand reputation, or worse. Unfortunately, most organizations lack the tools, expertise, and manpower required to mitigate these attacks.

Flashpoint’s extensive coverage and exclusive access to online illicit communities enable regular monitoring of emerging ransomware campaigns, actors, and threats. In one instance, Flashpoint identified the early-stage development of an unreleased strain of ransomware that used the RSA-2048 encryption algorithm to block access to the victim’s computer. Flashpoint customers leveraged this intelligence to combat the ransomware before it was deployed.

Image: Flashpoint analysts regularly monitor “thedarkoverlord”, a threat actor notorious for targeting healthcare organizations. The image above is thedarkoverlord’s profile photo from an underground marketplace.


The healthcare industry’s rapid adoption of emerging medical technologies has rendered many organizations more susceptible to cyber threats posed by the vendors of these technologies. Because many vendors face intense competition and pressure to produce more goods faster than ever before, security can be an afterthought. As healthcare organizations typically do not receive visibility into vendors’ supply chain security practices, dangerous vulnerabilities often go undetected until after a compromise has occurred.

In one instance, a healthcare organization was hacked through one of their technology vendors, resulting in the exfiltration of patients’ sensitive information. Utilizing Flashpoint’s intelligence, the organization identified the vulnerability, confirmed the existence of the data, and determined that the leak affected over 90 million patient records. Flashpoint then worked with the organization to limit exposure, bolster cybersecurity, and mitigate risk.

Image: Flashpoint analysts obtained access to a sample that proved a threat actor’s access to a stolen healthcare database.


While threats posed by malicious insiders raise concerns across industries, those in healthcare can be especially detrimental due to the high black-market value of stolen personal health information (PHI) and serious consequences for victims. PHI abuse can include identity theft, insurance fraud, and tax fraud, which often go undetected for years. For malicious insiders with access to valuable PHI databases, selling such access can provide a fast and profitable return. But, as most organizations lack visibility into the forums and marketplaces where PHI is bought and sold, insider threats often go undetected until the damage has been done.

Flashpoint’s comprehensive access to these illicit forums and marketplaces enables quick detection of relevant threats. In one instance, Flashpoint identified a message posted to an elite cybercrime forum offering the sale of administrative-level access to a hospital database containing millions of PII records. Flashpoint then determined from where and how the actor was accessing the Internet, which in turn identified the individual as a hospital employee. Using Flashpoint’s intelligence, the hospital was able to prevent the sale of the database and take appropriate actions against the rogue employee.
