Cybercriminals have healthcare organizations under siege, according to a new report from MalwareBytes. “Cybercrime Tactics and Techniques: The 2019 State of Healthcare” documents a stunning 60 percent increase in security threats in just the first nine months of 2019 compared to all of 2018.
In a recent post, we explained why the healthcare industry is the most-targeted sector for ransomware attacks. Not only is healthcare the second-largest industry in the U.S. — it stores some of the most sensitive and valuable data. Lives can be jeopardized if patient data is compromised, so healthcare organizations are more likely than other businesses to pay the ransom.
But ransomware is far from the only cyber threat healthcare organizations face. According to the report, Trojan malware attacks increased 82 percent in Q3 2019 over the previous quarter, with Emotet and TrickBot the two primary culprits. Both steal sensitive data by injecting malicious code into infected systems. They are difficult to detect and combat, and spread rapidly to other systems on the network. Emotet detections surged at the beginning of 2019, followed by a wave of TrickBot detections in the second half of the year, becoming the No. 1 threat to healthcare.
Endpoint Devices Vulnerable to Attack
Healthcare endpoints are also under attack, with a 45 percent increase in threat detections from Q2 2019 to Q3 2019. The challenge for healthcare organizations lies in the diversity of endpoints — from the PCs and laptops employees use to access applications and data, to employees’ personal devices and the devices of patients and visitors who connect to the Wi-Fi network.
There are also large numbers of Internet of Things (IoT) devices, including medical monitoring and imaging systems. A recent study by Irdeto found that 82 percent of healthcare organizations suffered an IoT-related cyberattack in the past year, with 30 percent reporting compromised safety. This makes endpoint security paramount to organizations.
Many healthcare organizations lack the in-house resources to effectively implement, monitor and manage the security infrastructure.
Hackers are using social engineering methods, such as phishing and spear phishing emails, to deliver malicious attachments and links, and taking advantage of weak security controls and user error to compromise systems. As more healthcare organizations digitize their medical records and processes, hackers are also exploiting vulnerabilities in medical management applications and other software.
The consequences of a security breach in healthcare are significant and increasing as organizations collect more and more sensitive data. When data is stolen or compromised, clinicians and staff must resort to paper-based processes that hamper productivity and the delivery of care. Security researchers are also concerned that future attacks could manipulate rather than steal data, leading to medical errors and misdiagnoses.
Healthcare Organizations Need to Focus on Security
The stakes are high, so healthcare organizations should focus on upgrading their security posture to prevent cyberattacks, and establish policies and procedures for responding to security incidents. A layered security approach featuring these points can go a long way toward combating healthcare threats:
- perimeter protections
- access controls
- intrusion prevention
- email and device security
However, many healthcare organizations lack the in-house resources to effectively implement, monitor and manage the security infrastructure. A Merlin International and Ponemon Institute study found that 74 percent of healthcare organizations lacked the staffing needed to maintain effective cybersecurity.
At GDS, our state-of-the-art security tools are fully managed by our experts, giving healthcare organizations the peace of mind that their systems and network are protected. We also rapidly respond to and contain threats to minimize risk. Let us help you fight back against healthcare cyberattacks. Lives may be at stake.
Benefits of Managed Security Services for the Healthcare Industry from Global Data Systems
- Strategic Managed IT: We help you solve your technology related business problems.
- Connectivity: We get you reliable, secure connectivity anywhere in the western hemisphere in 48 hours.
- Support: When you need help simply call our 24x7x365 support number.
- Billing: Instead of managing hundreds of vendors - get one, easy to read bill from GDS.