HITInfrastructure

Healthcare Industry Now a Leading Target for Cyberattacks

Increased cyberattacks require healthcare organizations to adopt more proactive methods of network defense.

By Elizabeth O'Dowd

Healthcare surpassed the public sector this year in reporting the greatest number of security incidents in Q2, according to a new study released by McAfee.

The healthcare industry accounted for 26 percent of cyberattacks between April and June of this year, taking over as the most attacked sector and breaking the six-quarter streak previously held by the public sector.

The report stated that many healthcare data breaches are likely the result of human error, such as accidental disclosure. However, healthcare cyberattacks continue to increase.

“Whether physical or digital, data breaches in healthcare highlight the value of the sensitive personal information organizations in the sector possess,” McAfee Labs Vice President Vincent Weafer said in a statement. “They also reinforce the need for stronger corporate security policies that work to ensure the safe handling of that information.”

The study found that 50 percent of cyberattacks hit the health, public, and education sectors. Malware and ransomware also grew over the second quarter.

New ransomware samples increased by 67 percent over the past year to a total of 52 million instances because of the rise in trojan malware. Ransomware also increased by 54 percent with 10.7 million samples from last year. Malware also took over mobile as mobile malware grew 61 percent to 18.4 million samples over Q2 2016.

The report also reexamined WannaCry and NotPetya and their lasting effects on health IT infrastructure. While both attacks were extremely serious to the healthcare vertical, McAfee’s research declared them unsuccessful overall in their ability to extort organizations.

“It has been claimed that these ransomware campaigns were unsuccessful due to the amount of money made,” McAfee Chief Scientist Raj Samani said in a statement. “However, it is just as likely that the motivation of WannaCry and NotPetya was not to make money but something else. If the motive was disruption then both campaigns were incredibly effective. We now live in a world in which the motive behind ransomware includes more than simply making money, welcome to the world of pseudo-ransomware.”

The study also noted a significant increase in script-based malware over the past two years. Script-based malware refers to attackers using scripting techniques to strengthen their malware.

McAfee noticed that PowerShell, the Microsoft scripting language, is being used to hack into automated processes such as running background commands and managing server configurations. The infected PowerShell scripts enter the network via spam emails and reengineer automated commands rather than working their way in through existing software vulnerabilities.

McAfee says that the script-based malware includes the weaponization of JavaScript, VBScript, and other types of non-executable modules using .doc, PDF, .xls, HTML, and other personal computing standards.

The report also suggests ways organizations can discover the existence of more advanced threats in their health IT infrastructure.

“Threat hunters focus on threats—not on vulnerabilities, exploits, and malware, which are dealt with by regular security tools, people, and processes,” said the report. “Threat hunters look for artifacts or evidence that could indicate the presence of an adversary in the network, helping to contain and eliminate an attack before it raises an alarm or results in a data breach.”

“The goal is to disrupt attackers and prevent them from achieving their objectives,” the report continued. “As we learn and gather information, threat hunting enables security operations to study attackers’ behaviors and build more visibility into the attack chain. This results in a more proactive stance for the security operations center, shifting the focus to earlier detection, faster reaction times, and enhanced risk mitigation.”

Threat hunting involves using existing tools such as firewalls, proxies, and email filters to identify indicators of compromise (IOCs).

Popular IOCs include IP addresses, unusual DNS requests, HTML response sizes, domains, URLs, and file names.
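The following added example, which is not from the McAfee report or this article, shows an IOC sweep over web proxy logs of the kind described above: it matches destination IPs, domains, and file names against a watch list and flags responses far larger than the usual size for the same URL. The log format, the indicator values, and the 10x-median threshold are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median
from urllib.parse import urlsplit

# Constructed watch list (documentation-range IPs and .example domains).
IOC_IPS = {"203.0.113.45"}
IOC_DOMAINS = {"updates.badcdn.example"}
IOC_FILENAMES = {"invoice_0926.js"}

# Constructed proxy log: client dest_ip method url status response_bytes
PROXY_LOG = """\
10.1.4.21 198.51.100.7 GET http://intranet.hospital.example/portal/index.html 200 5120
10.1.4.22 198.51.100.7 GET http://intranet.hospital.example/portal/index.html 200 5098
10.1.4.23 198.51.100.7 GET http://intranet.hospital.example/portal/index.html 200 5133
10.1.4.30 203.0.113.45 GET http://203.0.113.45/gate.php 200 312
10.1.4.31 192.0.2.80 GET http://updates.badcdn.example/a/invoice_0926.js 200 48211
10.1.4.24 198.51.100.7 GET http://intranet.hospital.example/portal/index.html 200 912044
"""

def parse(line):
    """Split one log line into the fields the hunt needs."""
    client, dest_ip, _method, url, _status, size = line.split()
    parts = urlsplit(url)
    return {"client": client, "dest_ip": dest_ip, "url": url,
            "host": parts.hostname, "size": int(size),
            "file": parts.path.rsplit("/", 1)[-1]}

def hunt(log_text, size_factor=10, min_samples=3):
    """Return (client, [reasons]) for every event that matches an indicator."""
    events = [parse(l) for l in log_text.splitlines() if l.strip()]
    sizes = defaultdict(list)          # per-URL baseline of response sizes
    for e in events:
        sizes[e["url"]].append(e["size"])
    findings = []
    for e in events:
        reasons = []
        if e["dest_ip"] in IOC_IPS:
            reasons.append("ip")
        if e["host"] in IOC_DOMAINS:
            reasons.append("domain")
        if e["file"] in IOC_FILENAMES:
            reasons.append("file_name")
        seen = sizes[e["url"]]
        # Only judge size when the URL has enough samples to form a baseline.
        if len(seen) >= min_samples and e["size"] > size_factor * median(seen):
            reasons.append("response_size")
        if reasons:
            findings.append((e["client"], reasons))
    return findings
```

Each finding names the internal client to investigate and the indicator types that fired, which gives the analyst a starting point for scoping rather than a verdict.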

“The goal is to detect the presence of an adversary, and the earlier in the process the better,” said the report. “Detecting at the delivery or exploitation phases, when the attack is first infiltrating the system, is highly desirable but not simple, as these techniques adapt and evolve frequently.”

Healthcare organizations looking to be more proactive about their cybersecurity can leverage threat hunting techniques to stop more complex cyberattacks.