
Cancer Center Breach Another Symptom Of Healthcare’s Growing Epidemic

Healthcare organizations suffered nearly one cyberattack per month in the past year, with nearly 50% saying patient information was exposed.

Some 2.2 million current and former patients of cancer center 21st Century Oncology are being notified this month of a data breach that exposed their social security numbers, doctors’ names, diagnosis and treatment, and insurance information. The news comes on the heels of a high-profile ransomware attack against Hollywood Presbyterian Medical Center in Los Angeles, Calif., that held the hospital's systems for ransom until Hollywood Presbyterian paid the $17,000 ransom.

Healthcare organizations suffer about one cyberattack per month on average as well as the loss or exposure of patient data, according to a new Ponemon Group report published last week. About 13% of healthcare organizations in the US don’t know for sure how many attacks they have experienced, the report found.

The writing has been on the wall for some time: healthcare is a juicy target for financial cybercrime. A recent analysis by Trend Micro of 10 years of data breaches catalogued by nonprofit Privacy Rights Clearinghouse found that more than one-fourth of all reported data breaches since 2005 came from healthcare organizations. And those are only the ones that were reported; experts believe this is only the tip of the iceberg today in healthcare, where patient financial and insurance information is financially lucrative for the bad guys.

21st Century Oncology, a physician-led provider of integrated cancer care services in 181 treatment centers across the US and Latin America, says it was alerted by the FBI in November of last year that an attacker had stolen its patient information, likely from one of its databases that housed patient names, social security numbers, physicians, diagnosis and treatment, and insurance information. The FBI asked 21st Century Oncology to hold off on announcing the incident initially during its investigation of the attack.

The healthcare company said in a statement: 

"21st Century Oncology is currently investigating an unauthorized third party intrusion into our network. The FBI recently advised 21st Century that patient information was illegally obtained by an unauthorized third party who may have gained access to a 21st Century database. Upon learning of the intrusion, we immediately hired a leading forensics firm to support our investigation, assess our systems and bolster security. In addition to security measures already in place, we have also taken additional steps to enhance internal security protocols to help prevent a similar incident in the future."

Cameron Camp, a senior security researcher with ESET, which commissioned the Ponemon Group study, says it’s likely that many healthcare organizations don’t even know their networks have been infiltrated. "I imagine this industry is in kind of a discovery phase," Camp says.

Some 535 IT and IT security practitioners in healthcare organizations were surveyed for the report, most of whom come from organizations with 100 to 500 employees.

Twenty-six percent of healthcare organizations in the study weren’t sure if they had suffered a cyber incident in the past year that lost or exposed patient information, Cameron says. That’s "almost slightly more scary," he says.

And software vulnerabilities more than three months old are the most common root of attacks against healthcare organizations. Nearly 80% point to those older vulns, and 75% say Web-borne malware was the culprit. Software vulns less than three months old (70%), spear phishing (69%), and lost or stolen devices (61%) were the other most common security incidents suffered by healthcare.

"There’s a disconnect between perception of security and compliance-driven security," Camp says of the healthcare organizations’ responses in the report. "What they thought were bad things and what actually happened is sort of interesting."

Healthcare organizations in the study said they were hit with vulnerabilities that were more than three months old, so those bugs apparently hadn’t been patched. "They’re getting hit by old exploits. Is that a knowledge gap?" says Camp, who will deliver a presentation in May at Interop Las Vegas on how malware infiltrates virtual systems.

Advanced persistent threat (APT) incidents hit healthcare about once every three months, according to the Ponemon study. About one-fourth of the respondents say their organization has defenses against these types of attacks, and 21% say they are unsure if they do. When they are hit by an APT or zero-day attack, 63% say it causes mainly IT downtime, followed by disruption of services for patient care (46%) and theft of personal information (44%).

More than one-third of healthcare organizations suffered a DDoS attack in the past 12 months that cost them an average of $1.32 million.

Healthcare organizations aren’t very confident about their security, either: just 33% feel their security is "very effective," with a lack of resources and proper funding the bulk of the underlying problem. Spending-wise, healthcare organizations are logging some $23 million on IT, 12% of which goes to security. More than 80% of healthcare organizations say patient medical records are the most lucrative information for cybercriminals and other cyber-attackers, followed by patient billing information (64%) and clinical trial and research (50%).

"The fact that 21st Century Oncology has been breached should set off alarm bells to other companies in the healthcare industry," says Kevin Watson, CEO of Netsurion, a data and network security services provider for healthcare and other organizations. "We know that hackers are in constant pursuit of highly sensitive, personal data and that they are equipped with sophisticated methods to gain access to it."


Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
