- Healthcare ransomware attacks increased by 89 percent from 2016 to 2017, according to recent research from Cryptonite. Furthermore, one-quarter of all IT/hacking events reported to OCR in 2017 were attributed to ransomware incidents.
Gathering data from OCR, Cryptonite also determined that there was an overall drop in compromised records. Last year found 13,425,263 compromised records, while there were 3,442,748 records reported compromised in 2017. Researchers explained though that this was likely due to attackers going after a wider array of healthcare organizations.
“Cyberattackers target healthcare networks primarily for two primary reasons - to steal the medical records they contain or to extort ransom payments. Medical records are the targets of choice, as this data is highly prized to support identity theft and financial fraud,” Cryptonite President and CEO Michael Simon said in a statement. “While 2017 was the year of ransomware, we are anticipating this already hard hit sector will feel the wrath of cyber criminals targeting the hundreds of thousands of IoT devices already deployed in healthcare.”
“Internet of Things (IoT) devices are now ubiquitous in health care - they are already present in intensive care facilities, operating rooms and patient care networks,” he continued.
As previously noted by HealthITSecurity.com, nine of the largest 10 incidents reported to OCR were due to ransomware attacks, unauthorized server access, and computer viruses. The largest attack potentially affected 697,800 individuals, and occurred when a former Med Center Health employee accessed certain patient billing information without authorization.
Another recent report found that poor healthcare security measures make the industry especially susceptible to basic attacks. Ransomware attacks from phishing scams is one of the common attack methods against healthcare, along with exploiting vulnerable exposed services, according to eSentire research.
“Additionally, healthcare organizations are likely to be targeted by nation-state threat actors in the context of cyberwar,” the research team wrote. “Disrupting medical services alongside utilities (like power and water) will lead to the disruption of political processes in the targeted country as emergency protocols take precedence.”
There would be little that North America could do to mitigate an incident response should a cyberattack occur on the continent’s infrastructure, the report added.
Healthcare in particular experiences a medium amount of traffic per sensor. Biopharma, Pharmaceuticals, and Biotechnology, tend to see more reconnaissance-type traffic than healthcare but regulated industries (i.e., finance) typically experience less.
However, less protected email addresses likely contribute to healthcare having a larger ratio of phishing traffic than other industries, researchers explained.
“Healthcare personnel are also more likely to open a phishing email given the high number of unpredictable emails they receive in the process of ordering drugs and equipment and collaborating with other healthcare providers,” researchers stated. “Healthcare networks also experience a large degree of Reputation Blocks, in which an organization’s security provider automatically blocks traffic from known threats.”
Healthcare organizations should have on-site security professionals and a customized strategic direction to help combat the evolving cybersecurity threats, the research team concluded.
“Once a security team is in place, organizations should follow general cybersecurity recommendations such as patching, raising employee awareness and reducing the threat surface, especially as it relates to critical services,” the report said.
These results align similarly with McAfee research from December 2017, which showed that public and healthcare data security attacks accounted for more than 40 percent of total incidents in 2017 Q3.
North America healthcare attacks led vertical sectors in Q3 security incidents, according to McAfee Labs Threat Report: December 2017. Account hijacking, leaks, malware, DDoS, and targeted attacks were the most common type of attack vectors across all industries.
“The third quarter revealed that attackers’ threat designs continue to benefit from the dynamic, benign capabilities of platform technologies like PowerShell, a reliable recklessness on the part of individual phishing victims, and what seems to be an equally reliable failure of organizations to patch known vulnerabilities with available security updates,” McAfee Chief Scientist Raj Samani said in a statement.
“Although attackers will always seek ways to use newly developed innovations and established platforms against us, our industry perhaps faces a greater challenge in the effort to influence individuals and organizations away from becoming their own worst enemies,” Samani continued.
Covered entities and business associates are going to continue to adopt new technologies to provide improved patient care. This will likely include connected devices, which could open organizations to more vulnerabilities if proper security precautions are not taken.
Healthcare organizations must regularly implement software updates and patches to help combat ever-evolving cybersecurity threats. With phishing attacks a key concern, employees should also be trained on how to recognize a potential attack and how to appropriately respond.