Malwarebytes highlights challenges facing the sector in quarterly study

Healthcare organizations are facing an increasing amount of cybersecurity threats, with the sector now reporting data breaches on a daily basis.

The sudden surge in attention towards healthcare, which now sits in between government and technology as the most frequently targeted sector by cybercriminals, is due to a number of factors that together make the industry simply an easy target to exploit.

That’s according to the cybersecurity firm Malwarebytes, which focuses on the challenges of securing these networks and the data that they hold in its latest cybercrime tactics and techniques report.

“Healthcare had more cybersecurity breaches than any other industry last year, and we’re thinking that it’s probably going to intensify,” Adam Kujawa, director of Malwarebytes Labs, told The Daily Swig.

“Usually these organizations have less sophisticated security models, and more complex ecosystems so that everybody can access the systems that they need to get their jobs done.”

High-value data

The Malwarebytes report, published today (November 13), takes a deep dive into why the healthcare sector remains so valuable to criminals – an appeal that predominately comes down to the personally identifiable information found in electronic health records (EHR).

“You think, okay, they’re [criminals] stealing medical information so it’s only going to be used for medical stuff, right? No. A lot of this data it goes far beyond that,” Kujawa said.

A 2017 report from the cybersecurity firm Trend Micro estimated that a complete EHR database was selling for $500,000 on dark web forums – an EHR can contain information such as Social Security numbers, financial information, date of birth, and other data available solely in the confines of health.

“The fact that I got a root canal may not matter,” Kujawa explained.

“But combine that with [the name of] my insurance company, when it [the root canal] happened, what city I live in, and you could potentially create a false claim against my insurance company, or use that information in other ways.”

Trojan threats and legacy systems

According to Kujawa, nearly all (89%) of Malwarebytes’ customers from the medical sector, both large and small, have reported a breach in the last two years. The security firm’s threat detections on healthcare organizations have also increased 60% since 2018.

Trojan malware – TrickBot and Emotet, in particular – routinely come out on top as threats to healthcare systems, as with any industry that has multiple end points to exploit.

“What we have definitely seen plenty of over the years is legacy systems utilizing outdated operating systems,” Kujawa said.

“We’ve seen plenty of medical devices communicating with Windows XP level technology”

“Usually outdated security is an afterthought,” he added.


Check out the latest healthcare data breaches and security news


Outdated or misconfigured systems allows trojans like TrickBot, which was mainly (80%) detected in the US Midwest, to spread throughout a network – an attack that is typically launched with a phishing email.

While employees’ susceptibility to click on malicious links has improved with mandatory security training across healthcare, a lack of IT staff within already budget constrained medical settings presents another problem.

“It’s an uphill battle,” Kujawa said.

“Usually the pay is not much compared to a tech company, or something like that, and then it comes down to the availability of people. There’s already a shortage, overall, in the cybersecurity workforce.”

There are certain measures that healthcare organizations can look to take, but the speed in which technology evolves – paired with the cost of medical equipment – has made hospitals playing a constant game of catch-up.

“It comes down to who has access to what data, who has access to what systems, and what rights those systems have,” Kujawa said.

“Not every single nurse in the hospital needs to have admin access to the system that they’re working on, but at smaller hospitals or clinics, there’s definitely a practice of everyone having access to all the same systems.”

Cybercrime Tactics and Techniques: The 2019 State of Healthcare (PDF) used data from October 2018 through to September 2019.

The healthcare organizations that provided telemetry were predominately from the US market.


YOU MIGHT ALSO LIKE Healthcare CISO: ‘Throwing money at security doesn’t make a company secure’