Major Cyberattacks On Healthcare Grew 63% In 2016

Published: 22/11/2024   Category: security




US hospitals lack new technologies and best practices to defend against threats, new report says.



Some 93 major cyberattacks hit healthcare organizations this year, up from 57 in 2015, new research shows.
TrapX Labs, a division of TrapX Security, found this 63% increase in attacks on the healthcare industry for the period between January 1, 2016 and December 12. Some may have been ongoing prior to Jan. 1, but for consistency, researchers only used official reporting dates to the Department of Health and Human Services, Office of Civil Rights (HHS OCR).
Among the largest attacks were those on Banner Health (3.6M records), Newkirk Products (3.4M records), 21st Century Oncology (2.2M records), and Valley Anesthesiology Consultants (0.88M records).
Sophisticated attackers are now responsible for 31% of all major HIPAA data breaches reported this year, a 300% increase over the past three years, according to the report. Cybercriminals were responsible for 10% of all major data breaches in 2014 and 21% in 2015.
Despite the rise in attacks, the number of records breached dropped to about 12,057,759. That said, so many millions of health records have been stolen that the value of individual records decreased this year, TrapX reported.
Researchers pinpointed two major trends from 2016: the continued discovery and evolution of medical device hijacking, which TrapX calls MEDJACK and MEDJACK.2, and the increase of ransomware across a variety of targets.
MEDJACK involves the use of backdoors in medical devices like diagnostic or life-support equipment. Hackers use emailed links, malware-equipped memory sticks, and corrupt websites to load tools into these devices, most of which run standard/older operating systems and proprietary software.
"Once inside the network, these attackers move laterally in search of high-profile targets from which they can ultimately exfiltrate intellectual property and patient data," says Moshe Ben-Simon, co-founder and VP of services at TrapX Labs.
One successful penetration is often enough to give hackers access to the network, where they can find unprotected devices to host attacks, chat with humans, and access information. It's difficult to mitigate the effects of MEDJACK; many hospitals don't even know it happens.
"Unfortunately, hospitals do not seem to be able to detect MEDJACK or remediate it," Simon explains. The great majority of existing cyber-defense suites do not seem able to detect attackers moving laterally from these compromised devices.
Ransomware attacks on large and mid-sized healthcare organizations have also become more diverse. The financial depth and criticality of operations make them easy targets. It's one thing to close a business for one day; it's entirely different to force a hospital shutdown.
A July 2016 survey conducted by Solutionary discovered healthcare is the industry most frequently targeted by malware, accounting for 88% of all detections in Q2. Hackers target healthcare because organizations will usually pay ransom for valuable patient data.
TrapX researchers predict ransomware will reach unprecedented levels next year as quick ROI, and easy access to untraceable money such as Bitcoin, make it easier for hackers to launch more attacks at once.
It's one prediction among many that spell trouble for the healthcare industry in 2017.
Experts anticipate cyberattacks targeting the industry will continue to set records, as most hospitals are unaware of breaches and will remain vulnerable to advanced attacks via medical devices. Mid-sized healthcare businesses will be targeted more often, they predict.
However, more advanced equipment may not necessarily solve problems. The Internet of Things is expected to generate new attack vectors, as most IoT devices don't have built-in security and don't let third parties install protective software. If compromised, they provide a backdoor for hackers that can be used for months without hospitals noticing.
Going forward, healthcare organizations will be forced to implement sorely needed security practices. A study from the Healthcare Information and Management Systems Society (HIMSS) found most fail to adopt basic safeguards like anti-malware tools, firewalls, and encryption.
Even as major breaches make headlines, it's difficult to get healthcare execs to tighten their focus on security.
"Traditionally healthcare providers are in the business of saving lives, so the IT security staffs have a difficult time competing for budget dollars," says Lee Kim, HIMSS director of privacy and security. As recent as five years ago, you would hear people saying that people wouldn't want to attack a healthcare facility because they didn't believe anyone would want to do harm to the patients.
