Bloodthirsty data parasites hungrily eye up healthcare sector

The healthcare industry sees 340 per cent more security incidents and attacks than the average market segment, according to a new study by Raytheon|Websense.

Raytheon|Websense also warns that healthcare organisations are more than 200 per cent more likely to encounter data theft. Carl Leonard, principal security analyst at Raytheon|Websense, said that healthcare organisations are targeted by hackers because of the richness of the data they hold, which once stolen can be monetised via various scams.

"Healthcare records hold a treasure trove of data that is valuable to an attacker," Leonard explained. "No other single type of record contains as much Personally Identifiable Information (PII) that can be used in a multitude of different follow-up attacks and various types of fraud."

The rapid digitisation of the healthcare industry, combined with the value of the data at hand, has led to a massive increase in the number of targeted attacks against the sector, according to Raytheon|Websense. Health records not only contain vital information on the identity of an individual (name, address, social security) but also often link to financial and insurance information.

"Access to PII allows an attacker to commit identity fraud, while the financial information can lead to financial exploitation," Leonard added. "This is a logical and profitable secondary attack area for cyber-criminals who have already dealt in stolen credit card data."

Healthcare data leaks doubled between 2013 and 2014, leading UK data privacy watchdog the ICO to levy fines totalling £1.3m against NHS organisations.

Malware slingers are targeting healthcare organisations worldwide. Healthcare is 4.5 times more likely to be impacted by Cryptowall (ransomware designed to blackmail users into paying a ransom for the release of their data) and three times more likely to be impacted by Dyre (malware designed to steal financial data), according to Raytheon|Websense.

"As healthcare organisations are committed to delivering excellent patient care, there is a must for a high availability of data stores, and malware authors are aware of this. As a result, they are targeting this industry," Leonard explained. "Healthcare records also contain information which is up to ten times more valuable on the black market. Malware authors are determined to launch advanced malware in order to secure access to that valuable data."

The figures from Websense Security Labs' 2015 Healthcare Drill-Down Report (available here) came from an analysis of "real-world attack telemetry".

The study (extract below) provides an overview of the modern healthcare industry landscape, where various trends and pressures are creating a febrile environment for hacker exploitation.

Modern medical care is delivered through an incredibly complex network of information technology systems connecting patients, doctors, nurses, pharmacists, technicians, administrators and accountants with electronic health records (EHR), connected medical devices and insurance companies. Driven by the need to improve patient outcomes and lower costs, the rush to embrace digital technology has created a complex network of connected devices, systems and entities where security may be an underfunded afterthought.

Network security is further complicated when IT must balance protecting data from inappropriate access against the fact that lives could be lost if medical personnel cannot access the information they need, when they need it. Data thieves recognise both the incredible value of healthcare information and the vulnerabilities and security gaps which exist in this newly-connected world.

Raytheon|Websense's concern about the growing security problems in the healthcare sector is shared by other security researchers. The healthcare industry was the one most effected by data breaches, according to a new study by Trend Micro based on an analysis of 10 years of data from the Privacy Rights Clearinghouse. The top three breach methods in the healthcare industry were loss or theft, insider leaks and unintended disclosures.

Trend's research paper, entitled Follow the Data: Dissecting Data Breaches and Debunking the Myths, analyses data from security breaches between 2005-2015 as logged by PRC. Focusing on leaked data rather than who has been hit by data breaches can yield valuable insights that might otherwise get missed, Trend Micro argues.

"Much of the attention surrounding these breaches has been focused on who's affected and how they can recover," a Trend Micro blog post explains. "The stolen data on the other hand is treated as a lost cause. But there is so much more to learn from studying what was stolen. By following the data, we can get a picture of what attackers are looking for, how they use the data, how much it costs, and where it eventually ends up." ®