Dark Reading is part of the Informa Tech Division of Informa PLC


Cancer Center Breach Another Symptom Of Healthcare’s Growing Epidemic

Healthcare organizations suffered nearly one cyberattack per month in the past year, with nearly 50% saying patient information was exposed.

Some 2.2 million current and former patients of cancer center 21st Century Oncology are being notified this month of a data breach that exposed their social security numbers, doctors’ names, diagnosis and treatment, and insurance information. The news comes on the heels of a high-profile ransomware attack against Hollywood Presbyterian Medical Center in Los Angeles, Calif., that held the hospital's systems for ransom until Hollywood Presbyterian paid the $17,000 ransom.

Healthcare organizations suffer about one cyberattack per month on average as well as the loss or exposure of patient data, according to a new Ponemon Group report published last week. About 13% of healthcare organizations in the US don’t know for sure how many attacks they have experienced, the report found.

The writing has been on the wall for some time: healthcare is a juicy target for financial cybercrime. A recent analysis by Trend Micro of 10 years of data breaches catalogued by nonprofit Privacy Rights Clearinghouse found that more than one-fourth of all reported data breaches since 2005 came from healthcare organizations. And those are only the ones that were reported; experts believe this is only the tip of the iceberg today in healthcare, where patient financial and insurance information is financially lucrative for the bad guys.

21st Century Oncology, a physician-led provider of integrated cancer care services in 181 treatment centers across the US and Latin America, says it was alerted by the FBI in November of last year that an attacker had stolen its patient information, likely from one of its databases that housed patient names, social security numbers, physicians, diagnosis and treatment, and insurance information. The FBI asked 21st Century Oncology to hold off on announcing the incident initially during its investigation of the attack.

The healthcare company said in a statement: 

"21st Century Oncology is currently investigating an unauthorized third party intrusion into our network. The FBI recently advised 21st Century that patient information was illegally obtained by an unauthorized third party who may have gained access to a 21st Century database. Upon learning of the intrusion, we immediately hired a leading forensics firm to support our investigation, assess our systems and bolster security. In addition to security measures already in place, we have also taken additional steps to enhance internal security protocols to help prevent a similar incident in the future."

Cameron Camp, a senior security researcher with ESET, which commissioned the Ponemon Group study, says it’s likely that many healthcare organizations don’t even know their networks have been infiltrated. "I imagine this industry is in kind of a discovery phase," Camp says.

Some 535 IT and IT security practitioners in healthcare organizations were surveyed for the report, most of whom come from organizations with 100 to 500 employees.

Twenty-six percent of healthcare organizations in the study weren’t sure if they had suffered a cyber incident in the past year that lost or exposed patient information, Cameron says. That’s "almost slightly more scary," he says.

And software vulnerabilities more than three months old are the most common root of attacks against healthcare organizations. Nearly 80% point to those older vulns, and 75% say Web-borne malware was the culprit. Software vulns less than three months old (70%), spear phishing (69%), and lost or stolen devices (61%) were the other most common security incidents suffered by healthcare.

"There’s a disconnect between perception of security and compliance-driven security," Camp says of the healthcare organizations’ responses in the report. "What they thought were bad things and what actually happened is sort of interesting."

Healthcare organizations in the study said they were hit with vulnerabilities that were more than three months old, so those bugs apparently hadn’t been patched. "They’re getting hit by old exploits. Is that a knowledge gap?" says Camp, who will deliver a presentation in May at Interop Las Vegas on how malware infiltrates virtual systems.

Advanced persistent threat (APT) incidents hit healthcare about once every three months, according to the Ponemon study. About one-fourth of the respondents say their organization has defenses against these types of attacks, and 21% say they are unsure if they do. When they are hit by an APT or zero-day attack, 63% say it causes mainly IT downtime, followed by disruption of services for patient care (46%) and theft of personal information (44%).

More than one-third of healthcare organizations suffered a DDoS attack in the past 12 months that cost them an average of $1.32 million.

Healthcare organizations aren’t very confident about their security, either: just 33% feel their security is "very effective," with a lack of resources and proper funding the bulk of the underlying problem. Spending-wise, healthcare organizations are logging some $23 million on IT, 12% of which goes to security. More than 80% of healthcare organizations say patient medical records are the most lucrative information for cybercriminals and other cyber-attackers, followed by patient billing information (64%) and clinical trial and research (50%).

"The fact that 21st Century Oncology has been breached should set off alarm bells to other companies in the healthcare industry," says Kevin Watson, CEO of Netsurion, a data and network security services provider for healthcare and other organizations. "We know that hackers are in constant pursuit of highly sensitive, personal data and that they are equipped with sophisticated methods to gain access to it."


Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
