02:15 PM
Connect Directly

Major Cyberattacks On Healthcare Grew 63% In 2016

US hospitals lack new technologies and best practices to defend against threats, new report says.

Some 93 major cyberattacks hit healthcare organizations this year, up from 57 in 2015, new research shows.

TrapX Labs, a division of TrapX Security, found this 63% increase in attacks on the healthcare industry for the period between January 1, 2016 and December 12. Some may have been ongoing prior to Jan. 1, but for consistency, researchers only used official reporting dates to the Department of Health and Human Services, Office of Civil Rights (HHS OCR).

Among the largest attacks were those on Banner Health (3.6M records), Newkirk Products (3.4M records), 21st Century Oncology (2.2M records), and Valley Anesthesiology Consultants (0.88M records).

Sophisticated attackers are now responsible for 31% of all major HIPAA data breaches reported this year, a 300% increase over the past three years, according to the report. Cybercriminals were responsible for 10% of all major data breaches in 2014 and 21% in 2015.

Despite the rise in attacks, the number of records breached dropped to about 12,057,759. That said, so many millions of health records have been stolen that the value of individual records decreased this year, TrapX reported.

Researchers pinpointed two major trends from 2016: the continued discovery and evolution of medical device hijacking, which TrapX calls MEDJACK and MEDJACK.2, and the increase of ransomware across a variety of targets.

MEDJACK involves the use of backdoors in medical devices like diagnostic or life-support equipment. Hackers use emailed links, malware-equipped memory sticks, and corrupt websites to load tools into these devices, most of which run standard/older operating systems and proprietary software.

"Once inside the network, these attackers move laterally in search of high-profile targets from which they can ultimately exfiltrate intellectual property and patient data," says Moshe Ben-Simon, co-founder and VP of services at TrapX Labs.

One successful penetration is often enough to give hackers access to the network, where they can find unprotected devices to host attacks, chat with humans, and access information. It's difficult to mitigate the effects of MEDJACK; many hospitals don't even know it happens.

"Unfortunately, hospitals do not seem to be able to detect MEDJACK or remediate it," Simon explains. "The great majority of existing cyber-defense suites do not seem able to detect attackers moving laterally from these compromised devices."

Ransomware attacks on large and mid-sized healthcare organizations have also become more diverse. The financial depth and criticality of operations make them easy targets. It's one thing to close a business for one day; it's entirely different to force a hospital shutdown.

A July 2016 survey conducted by Solutionary discovered healthcare is the industry most frequently targeted by malware, accounting for 88% of all detections in Q2. Hackers target healthcare because organizations will usually pay ransom for valuable patient data.

TrapX researchers predict ransomware will reach "unprecedented levels" next year as quick ROI, and easy access to untraceable money such as Bitcoin, make it easier for hackers to launch more attacks at once.

It's one prediction among many that spell trouble for the healthcare industry in 2017.

Experts anticipate cyberattacks targeting the industry will continue to set records, as most hospitals are unaware of breaches and will remain vulnerable to advanced attacks via medical devices. Mid-sized healthcare businesses will be targeted more often, they predict.

However, more advanced equipment may not necessarily solve problems. The Internet of Things is expected to generate new attack vectors, as most IoT devices don't have built-in security and don't let third parties install protective software. If compromised, they provide a backdoor for hackers that can be used for months without hospitals noticing.

Going forward, healthcare organizations will be forced to implement sorely needed security practices. A study from the Healthcare Information and Management Systems Society (HIMSS) found most fail to adopt basic safeguards like anti-malware tools, firewalls, and encryption.

Even as major breaches make headlines, it's difficult to get healthcare execs to tighten their focus on security.

"Traditionally healthcare providers are in the business of saving lives, so the IT security staffs have a difficult time competing for budget dollars," says Lee Kim, HIMSS director of privacy and security. "As recent as five years ago, you would hear people saying that people wouldn't want to attack a healthcare facility because they didn't believe anyone would want to do harm to the patients."

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
1/16/2017 | 6:42:03 AM
security issue
Healtcare IT departments often lags on security. Last year randsomware attacks showed the weakness and IT-admins got some homework to do. Hopefully it will not happen again in this dimension.
User Rank: Ninja
12/28/2016 | 11:56:22 AM
Attacking healthcare
"Article mentioned "people wouldn't want to attack a healthcare facility because they didn't believe anyone would want to do harm to the patients"

We know that is not the case, patients are people, and they want to attack anything they can including people.
User Rank: Ninja
12/28/2016 | 11:55:51 AM
Re: Hacking Healthcare
"your EHR usage and allocate that to beefing up both your software/network and personnel/building security practices."

Another good point. Sometimes it is not the system everything else around it. Gmail is quite secure with two factor authentication and yet we see they are able to hack Gmail account.
User Rank: Ninja
12/28/2016 | 11:52:00 AM
hospitals unaware of breaches
Hospitals are unaware of breaches and as many other organizations, remember Yahoo, they told us they were hacked a few years earlier. Damage may be worse if we do not know early enough
User Rank: Ninja
12/28/2016 | 11:51:31 AM
Re: Hacking Healthcare
"A good social engineer only needs to get a malware USB plugged into one or two devices to have access to the hospital network. "

Good point. As we know we will all take the USB drive we found in the parking lot and plug in the computers to see what is inside. 
User Rank: Ninja
12/28/2016 | 11:49:07 AM
Ransomware and healthcare data
As article stated hackers target healthcare because organizations will usually pay ransom for patient data simply because the alternative is more costly. They will pay and may not even reveal that there was ransomware attack.
User Rank: Strategist
12/23/2016 | 4:51:16 PM
Microsoft Professional Support
This is really a nice post. Thanks for sharing this to us !
User Rank: Ninja
12/22/2016 | 7:09:40 PM
Hacking Healthcare
There are a couple different mindsets that need to change here.  The first is that idea of some of the smaller healthcare organizations (mostly individual practices) that hackers aren't interested in hurting patients.  Technically most aren't, but it isn't anything to do with their well-being anyway, but more to do with their personal information.  Once healthcare practices understand that data is used to create new identities, obtain credit cards and used for insurance fraud, they'll realize that by setting up more secure practices they are directly impacting their patients in a positive way. 

The other mindset that needs to change is how larger organizations (the Cedars and Kaisers of the world) deal with drug and device vendors.  These people come and go, sometimes getting into patient care areas, with access to medical devices on the floor.  A good social engineer only needs to get a malware USB plugged into one or two devices to have access to the hospital network.  Even easier, convincing a young intern to plug in a USB and "print something" for them will do the trick, too. 

Some of the larger hospitals are now implementing large Electronic Health Records that require various levels of security even to run properly so that's a plus on one hand, but on the other hand the distraction of large implementations can cover up the low-tech hacks that never get old, and never go away.  Let's take some of that money you're now earning from the governement, folks, for your EHR usage and allocate that to beefing up both your software/network and personnel/building security practices. 
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
New Mirai Version Targets Business IoT Devices
Dark Reading Staff 3/19/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Reading Schneier's Friday Squid Blog again?
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-03-18
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version that could allow a malicious user with local access to execute code with administrative privileges.
PUBLISHED: 2019-03-18
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).
PUBLISHED: 2019-03-17
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
PUBLISHED: 2019-03-15
CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser.
PUBLISHED: 2019-03-15
An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user.