SEO poisoning attacks against healthcare organizations are on the rise, according to a recent Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) report. HC3 details the search engine optimization (SEO) tactic and what healthcare entities can do to protect themselves. Such attacks are dangerous to healthcare organizations safeguarding patients’ protected health information (PHI).
SEE ALSO: HIPAA compliant email: The definitive guide
What is SEO poisoning?
Thanks to SEO, the first few are often the most reliable, improving a website’s visibility. Everyone has used a search engine to look up something quickly, clicking on the first link. Unfortunately, threat actors have figured out how to exploit users’ blind trust in the results with SEO poisoning.
SEO poisoning is a type of malicious advertising (malvertising) that involves the intentional manipulation of search results. The first or second click may lead users to attacker-controlled, malicious websites. Such attacks can be targeted to specific users, like executives or no one in particular. In fact, any user who does not pay attention to the text or URL shown in a search engine can easily be compromised.
The technique allows cybercriminals to customize their attacks, making SEO poisoning more challenging to identify and defend. Visible signs of SEO poisoning include unwanted pop-ups, random redirects to different sites, and unfamiliar backlinks. For organizations, signs have a drastic change in search rankings and deindexed or blocked web pages, ultimately leading to a loss of traffic and reputation damage.
SEO poisoning tactics
Cyberattackers can use various techniques to achieve SEO poisoning. Typosquatting targets users who inadvertently misspell a URL or click on a misspelled URL. Cybercriminals may register domain names similar to known ones to exploit these errors.
These malicious domains are often featured at the top of the search results, through a technique called Blackhat SEO. Blackhat SEO uses unethical strategies to boost search engine rankings. Unethical strategies include
- Keyword stuffing: cramming known search terms onto a web page
- Cloaking: providing different material to search engines than what users see
- Search ranking manipulation: artificially increasing rates, sometimes using bots
- Private link networks: groups of unrelated websites connected using backlinks
Finally, cyberhackers can inject spam-like content onto known web pages that redirect users to malicious sites. Such tactics and SEO poisoning spread malware by getting users to click on bad links or attachments. This can result in credential theft and even financial loss.
LEARN ABOUT: What are the penalties for HIPAA violations?
SEO poisoning attacks against the healthcare industry
Blackberry’s 2023 Global Threat Intelligence Report found an increase in SEO poisoning between December 2022 and February 2023. The report especially highlighted its impact on the healthcare industry; the company expects the trend to continue. SEO poisoning preys on people's trust in healthcare organizations and healthcare websites. It also preys easily on healthcare entities that employ minimal HIPAA compliant protections.
The most recent news about SEO poisoning focuses on targeted attacks on the financial and healthcare sectors with Gootloader malware. The idea was to use SEO poisoning tactics to get victims to download the malware. The threat actors create websites or forums similar to known websites; once users click on a malicious link, they initiate an infection chain.
The consequences of SEO poisoning extend beyond stolen data and financial concerns for the healthcare industry. For example, patients might accidentally visit malicious sites leading to personal cyberattacks and misdiagnoses or improper treatment. Furthermore, healthcare institutions without strong cybersecurity might be infiltrated through their websites, resulting in stolen PHI and encrypted systems.
How can healthcare organizations defend against SEO poisoning?
According to HC3’s report, SEO poisoning is difficult to block. Organizations, therefore, must continue to learn about such attacks and the malicious methods used to infiltrate. They must also understand what they need to do to reduce risks.
- Implement digital risk monitoring tools to detect typosquatting and newly registered domains.
- Create and use indicator of compromise (IoC) lists to identify malicious URLs/organizations to block.
- Upgrade security software and establish web filtering protocols (i.e., gateways) to control what content is accessible.
- Train staff in safe browsing practices, phishing awareness, and effective endpoint security measures.
Healthcare organizations must also stay up to date on HIPAA guidelines on cybersecurity. Other HIPAA compliant defenses include regular assessments and audits, content monitoring, and strong multifactor authentication.
SEE ALSO: How do I remove malware?
Be proactive with HIPAA compliant protections
The Blackberry report emphasized, “As digitization grows, the healthcare industry—including device manufacturers, software and network solution providers, and healthcare providers—must prioritize cybersecurity throughout their infrastructure to meet regulatory requirements and safeguard patient data.”
SEO poisoning poses a serious risk to patient privacy, PHI security, and patient care. As healthcare organizations evolve in a digital world, the importance of strong, HIPAA compliant cybersecurity cannot be overstated. By taking proactive measures against SEO poisoning, healthcare organizations can continue to provide needed services with no delays.
Kapua Iao
