Carbon Black recently published a shocking report about the state of cybersecurity in the healthcare sector.
The report indicates that there has been a massive upsurge in malicious cyberattacks on the industry. According to its analysis, health organizations are suffering an average of two attacks every week.
Highlights from the report
“Healthcare Cyber Heists in 2019” is the title of the report and it is based on a survey of 40 healthcare industry players. These include hospitals, insurance service providers and pharmaceuticals among others.
Here are some of the findings:
- 83% of the respondents claim to have witnessed a rise in cyberattacks on their own networks.
- 66% reported that they had at some point been targets of ransomware.
- 50% of the survey participants said that the attacks had the objective of obtaining health data so as to sell it on the dark web.
- 33% of the respondents said that the attacks are for “island hopping.” This involves cybercriminals invading a health system and using it as a Trojan horse to access connected organizations and spread malware.
In a bid to cover their tracks and ‘burn the evidence’ so to speak, hackers will mostly destroy compromised data and systems.
Possible reasons for the upsurge in healthcare cyberattacks
Why has there been such a dramatic uptick in healthcare-focused cyberattacks? Let us consider some of the possible reasons:
1. Access to volumes of personal data
Due to the nature of the industry, healthcare organizations have to collect and store large amounts of personal data. This in itself makes them a ripe target for malicious attackers. The potential use for such data in the wrong hands is virtually limitless.
Attackers can use it for identity theft and to perpetrate all kinds of fraudulent activity. For instance, they could obtain costly medical services, prescription meds and gadgets and then slap the person behind the identity with the bill. They can also use it to blackmail and extort people who would not risk having their health secrets aired in public.
2. The value of medical data
Such data is extremely valuable as it contains sensitive information such as names, home addresses, social security numbers and dates of birth. To illustrate just how valuable medical data is, consider this: credit card records sell at $1-$3 each while social security numbers go for $15. But health records could go for as high as $60 apiece.
3. A ‘clever’ way to cause mayhem
In many countries, healthcare is considered part of critical national infrastructure. As such, it sits beside other key sectors like electricity, water and transport. With this in mind, hackers who simply want to cause mayhem view it as a highly appealing place to start.
4. The critical nature of the environment
Due to the critical nature of the healthcare environment, data users often require immediate access to records on a variety of devices. Therefore, they at times consider security measures as barriers to their efficient functioning rather than solutions to a lurking nightmare.
5. Broad attack surface – A rise in IoT devices
Today more than ever before, the healthcare sector is enjoying an uptick in the number of Internet of Things (IoT) devices. The elderly also often have to wear location trackers which have IoT capabilities.
Though these devices have made life easier for both patients and medical practitioners, they have also introduced a unique set of risks. The ability of such devices to hold data and communicate with other systems makes them an easy gateway that malicious actors exploit.
6. Prevalence of outdated tech and legacy IT systems
According to a Duo.com report, a majority of healthcare providers – 76% – are still using Windows 7. With this outdated operating system, they get limited to no security support from the provider, which poses a security risk. Among the key reasons given for this are fears that upgrades would disrupt services.
7. Focus on the wrong security aspects
The 2018 Thales Healthcare Data Report shows that in the US healthcare industry at the time, 62% of survey respondents were planning to increase spending on endpoint and mobile security.
What makes this noteworthy is that endpoint security has been shown to be ineffective at preventing breaches of data. Big data, cloud, IoT and container deployments thus remain unprotected and vulnerable.
8. A life and death affair
Ransomware attacks are only successful when victims are willing to pay up. And in no other industry are the odds as high as they are in healthcare. In some cases, lives could be at stake when hospitals are unable to access patient medical records.
For instance, a mix-up of records could mean mixing up medications or failing to pay the right kind of attention to people with chronic conditions like diabetes during treatment. Hospitals therefore have no choice but to pay up, and this serves as an incentive to hackers to keep doing what they do best.
Common avenues of cyberattack in healthcare
How exactly do hackers get access to sensitive healthcare data? Though there are innumerable ways, two currently stand out as the most commonly exploited:
- Ransomware – as mentioned above, malicious attackers often use ransomware to hold data hostage until victims pay up the required amount for release. In some cases, perpetrators fail to keep their end of the bargain and do not release captive data even after receiving ransom payment.
- Phishing – this is by far one of the most common avenues that attackers use in most sectors including healthcare. Essentially, it makes use of electronic forms of communication such as email to spread malware. Once a victim opens an infected email or clicks on a link in it, they get their system infected. In order to make this approach effective, attackers will often disguise the email, making it seem like it’s coming from a trustworthy source.
The silver lining in the dark cloud of medical cyberattacks
In spite of the fact that the above statistics paint a grim picture, there is good news to glean from the situation. The upsurge in healthcare-focused cyberattacks has raised general consciousness on the potential risks.
As a result of the growing awareness of security risks, decision-makers in the industry are likely to respond so as to contain the menace.