
Cancer Center Breach Another Symptom Of Healthcare's Growing Epidemic

Healthcare organizations suffered nearly one cyberattack per month in the past year, with nearly 50% saying patient information was exposed.

Some 2.2 million current and former patients of cancer center 21st Century Oncology are being notified this month of a data breach that exposed their social security numbers, doctors’ names, diagnosis and treatment, and insurance information. The news comes on the heels of a high-profile ransomware attack against Hollywood Presbyterian Medical Center in Los Angeles, Calif., that held the hospital's systems for ransom until Hollywood Presbyterian paid the $17,000 ransom.

Healthcare organizations suffer about one cyberattack per month on average as well as the loss or exposure of patient data, according to a new Ponemon Group report published last week. About 13% of healthcare organizations in the US don’t know for sure how many attacks they have experienced, the report found.

The writing has been on the wall for some time: healthcare is a juicy target for financial cybercrime. A recent analysis by Trend Micro of 10 years of data breaches catalogued by nonprofit Privacy Rights Clearinghouse found that more than one-fourth of all reported data breaches since 2005 came from healthcare organizations. And those are only the ones that were reported; experts believe this is only the tip of the iceberg today in healthcare, where patient financial and insurance information is financially lucrative for the bad guys.

21st Century Oncology, a physician-led provider of integrated cancer care services in 181 treatment centers across the US and Latin America, says it was alerted by the FBI in November of last year that an attacker had stolen its patient information, likely from one of its databases that housed patient names, social security numbers, physicians, diagnosis and treatment, and insurance information. The FBI asked 21st Century Oncology to hold off on announcing the incident initially during its investigation of the attack.

The healthcare company said in a statement: 

"21st Century Oncology is currently investigating an unauthorized third party intrusion into our network. The FBI recently advised 21st Century that patient information was illegally obtained by an unauthorized third party who may have gained access to a 21st Century database. Upon learning of the intrusion, we immediately hired a leading forensics firm to support our investigation, assess our systems and bolster security. In addition to security measures already in place, we have also taken additional steps to enhance internal security protocols to help prevent a similar incident in the future."

Cameron Camp, a senior security researcher with ESET, which commissioned the Ponemon Group study, says it’s likely that many healthcare organizations don’t even know their networks have been infiltrated. "I imagine this industry is in kind of a discovery phase," Camp says.

Some 535 IT and IT security practitioners in healthcare organizations were surveyed for the report, most of whom come from organizations with 100 to 500 employees.

Twenty-six percent of healthcare organizations in the study weren’t sure if they had suffered a cyber incident in the past year that lost or exposed patient information, Cameron says. That’s "almost slightly more scary," he says.

And software vulnerabilities more than three months old are the most common root of attacks against healthcare organizations. Nearly 80% point to those older vulns, and 75% say Web-borne malware was the culprit. Software vulns less than three months old (70%), spear phishing (69%), and lost or stolen devices (61%) were the other most common security incidents suffered by healthcare.

"There’s a disconnect between perception of security and compliance-driven security," Camp says of the healthcare organizations’ responses in the report. "What they thought were bad things and what actually happened is sort of interesting."

Healthcare organizations in the study said they were hit with vulnerabilities that were more than three months old, so those bugs apparently hadn’t been patched. "They’re getting hit by old exploits. Is that a knowledge gap?" says Camp, who will deliver a presentation in May at Interop Las Vegas on how malware infiltrates virtual systems.

Advanced persistent threat (APT) incidents hit healthcare about once every three months, according to the Ponemon study. About one-fourth of the respondents say their organization has defenses against these types of attacks, and 21% say they are unsure if they do. When they are hit by an APT or zero-day attack, 63% say it causes mainly IT downtime, followed by disruption of services for patient care (46%) and theft of personal information (44%).

More than one-third of healthcare organizations suffered a DDoS attack in the past 12 months that cost them an average of $1.32 million.

Healthcare organizations aren’t very confident about their security, either: just 33% feel their security is "very effective," with a lack of resources and proper funding the bulk of the underlying problem. Spending-wise, healthcare organizations are logging some $23 million on IT, 12% of which goes to security. More than 80% of healthcare organizations say patient medical records are the most lucrative information for cybercriminals and other cyber-attackers, followed by patient billing information (64%) and clinical trial and research (50%).

"The fact that 21st Century Oncology has been breached should set off alarm bells to other companies in the healthcare industry," says Kevin Watson, CEO of Netsurion, a data and network security services provider for healthcare and other organizations. "We know that hackers are in constant pursuit of highly sensitive, personal data and that they are equipped with sophisticated methods to gain access to it."


Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
