Cyber-attackers continue to hammer healthcare organizations’ gaps in protecting data integrity and interconnected systems. In fact, as an industry, healthcare sees three times as many security incidents and attacks as other sectors and is twice as likely to actually encounter data theft.
To make matters worse, recent research conducted by Raytheon/Websense shows that healthcare is four times more likely than the average industry to be impacted by sophisticated malware. In fact, one in every 600 attacks in healthcare involves some form of advanced malware. In 2015, about 84 percent of all healthcare incidents involved so-called “dropper files,” which gain entry to systems through security holes and then gather information either for themselves (in the case of nation-state exploits to steal intelligence) or for sale on cybercriminal markets.
“Many healthcare organizations lack the administrative, technical or organizational skills necessary to detect, mitigate and prevent cyber-attacks,” according to the report. “Some hospitals have yet to implement even basic preventive measures such as intrusion-detection systems, infrastructure security assessments, remote data wiping of mobile devices or encryption.”
Lack of security awareness among employees worsens the situation. Raytheon/Websense found healthcare to be 74 percent more likely than other sectors to be affected by phishing schemes such as FakeBank.
Botnets — networks of compromised computers used to generate spam, relay viruses or flood servers with requests — add to the woes of IT security professionals. More than 50,000 botnet encounters and incidents affect healthcare organizations on an average day, the report states. These incidents further sap resources, requiring large numbers of man-hours to identify, remediate and re-image infected endpoints. They come in waves, too, such as a January 2015 surge of nearly 70,000 botnet incidents hitting healthcare systems in a single day.
The Andromeda botnet is a significant and dangerous threat, hitting healthcare at 14 times the rate of the average industry. It typically has built-in anti-debug and evasion capabilities, according to the report, and can stay quiet on an affected system for months without attempting to connect with its command-and-control server.
Another major threat is Cryptowall malware, which can encrypt certain types of files stored on local and network drives. With the private key stored only on the malware’s control servers, Cryptowall effectively holds the affected files for ransom. Researchers estimate that nearly 625,000 systems were infected with Cryptowall in a six-month period last year, affecting more than 5 billion files.
In addition, Raytheon/Websense research has identified that healthcare businesses are three times more likely than other enterprises to be impacted by Dyre, an active banking program that appears legitimate but performs illicit activity when run. Dyre and variants reportedly have stolen more than $1 million in a single campaign.
Moreover, vulnerabilities in connected medical devices and systems can allow sensitive information to be leaked online. For example, in one controlled exercise, a healthcare organization’s incorrectly configured computer exposed the data of 32 pacemaker systems, 21 anesthesiology systems, 488 cardiology systems and 323 radiology systems. In many other cases, the security of connected devices is thought of only after they are already online, the report notes, and some devices are configured to automatically share information.
“The combination of challenges confounds security efforts and is likely to increase the prevalence of attacks and subsequent data loss or theft,” the report concludes.