Health IT

Healthcare under attack as data theft rates surge

By: Carl Leonard, principal security analyst at Raytheon|Websense
Published: Thursday, October 15, 2015 - 12:48 GMT Jump to Comments

The health and care industries are progressively coming under attack from cybercriminals as the value of people’s health data skyrockets.

The challenges facing the industry to protect patient data are growing as healthcare organisations are increasingly looking to digital technology to gather, store and share data and patient information more effectively and efficiently.

Modern medical care is now delivered through an incredibly complex network of IT systems that connect patients, doctors, nurses, pharmacists, technicians, administrators, accountants and insurance companies with electronic health records and medical devices.

The knock-on effect of these processes becoming digital and networked is that functionality and connectivity take first priority, with security often seen as an afterthought. As a result, healthcare organisations are particularly vulnerable to cyberattacks and the modern day cybercriminal has swiftly realised the opportunity to capitalise.

Healthcare under attack

Raytheon|Websense’s global study of healthcare organisations has discovered that the industry sees 340 percent more security incidents and attacks than the average industry. Companies in the healthcare industry are also 200 percent more likely to encounter data theft.

Healthcare organisations are particularly vulnerable to attacks that utilise advanced malware. One in every 600 attacks against them involves advanced malware, and the reason behind this huge volume is that healthcare organisations are 400 percent more likely to be impacted by it.

The study found that the healthcare industry is particularly vulnerable to ransomware. It is 250 percent more likely to be impacted by Cryptowall, for example. Also prevalent within the healthcare industry are Dyre (300 percent more likely) and phishing schemes like FakeBank (74 percent).

Dyre’s ‘Man In The Middle’ capabilities make this threat a dangerous proposition for healthcare professionals worldwide, at a time when the industry works to deliver good quality healthcare to their patients.

Another form of attack that is increasingly popular against the industry is Dropper Files, which are used to deposit a vast variety of malware and open backdoors into IT systems for cybercriminals to exploit. Droppers are 376 percent more likely to be encountered by healthcare organisations – up from 200 percent in 2014.

A treasure trove of risk

Healthcare records hold a treasure trove of data that holds massive value to cybercriminals. No other single type of record contains as much Personally Identifiable Information (PII) that can be used in a multitude of different follow-up attacks and various types of fraud. Health records not only contain vital information on the identity of an individual – such as name, address, social security details – but also often link to financial and insurance information.

Access to PII allows an attacker to commit identity fraud, while financial information can lead to financial exploitation. This is a logical and profitable secondary attack area for cybercriminals who have already dealt in stolen credit card data.

The biggest incentive for attackers is the sheer value of this data. People’s protected health information (PHI) are now ten times more valuable to cybercriminals than credit card details. Healthcare is also emerging as the industry with the highest cost per stolen record. The average cost for organisations reached as high as $363, according to the Ponemon Institute’s annual Cost of Data Breach Study: Global Analysis report.

Where it’s all going wrong

The challenges racking up against the healthcare industry point to deep-lying problems with how organisations approach cybersecurity. Indeed, many healthcare organisations simply lack the administrative, technical or organisational skills necessary to detect, mitigate and prevent cyberattacks.

Earlier this year a study by KPMG found that just 53 percent of executives at healthcare providers and 66 percent of health insurers said they are prepared to defend against attacks. Furthermore, in a 2015 Health Information Management and Systems Society (HIMSS) Leadership Survey, an overwhelming majority of CIOs cited budget and resources as being major roadblocks to accomplishing objectives - even as their role continues to increase in complexity.

The HIMSS also advised that healthcare organisation should be spending at least ten percent of their IT budget on cybersecurity, but the industry average is currently floundering at just three percent.

Further exacerbating this is the fact that many hospitals have still failed to implement even basic preventative measures such as intrusion detection systems, infrastructure security assessments, remote data wiping of mobile devices, or encryption – giving cybercriminals free reign to infiltrate their systems.

Time for action

The headline-grabbing figures facing the healthcare industry support the Information Commissioner’s Office’s finding that healthcare data leaks doubled between 2013 and 2014, which led to the watchdog having to issue fines totaling £1.3m to NHS organisations.

To avoid further fines – which are only going to increase with the impending harshness of punishment against companies that suffer data breaches – healthcare organisations have to seriously up their game in the fight against cybercriminals. They must dramatically improve their defenses and their employees’ security knowledge.

The sheer amount of PII and PHI data available in the healthcare industry means it will remain both an attractive target to attackers and a weak point for employees who are uneducated to the threats within the landscape. Healthcare executives must switch on to the danger of cyberattacks and the duty upon them to protect their organisations and their patients.

Better quality, ongoing security training for employees and a more thorough understanding of the evolving cyber threats, the dangers they pose and how to defend against them is absolutely imperative to countering breaches and the high cost of remediation.

The views and opinions expressed in this article are those of the author(s) and do not necessarily reflect the official policy or position of The Information Daily, its parent company or any associated businesses.



Outdated infrastructure and an increasingly fragmented market threaten the future of technology-enabled integrated care.

County Durham voters back devolution in the North-East, Sir Digby Jones considers run for West Midlands mayor…

The recent launch of The Mayoral Tech Manifesto 2016 on London’s digital future, sets out a clear agenda…

The manufacturing industry is currently facing scrutiny from parties concerned for its survival. Far from facing…

Almost a year ago, I made some predictions for what would take place in government and public sector customer…

Sheffield, Warrington and Doncaster announce cuts, Lincolnshire is held to data ransom, fight begins for West…

Working for an education charity delivering numeracy and literacy programmes in primary schools, I’m only…

Northamptonshire County Council recently received the maximum four star rating from Better connected after putting…

Historically, the entrance of new generations into the workplace has caused varying levels of disruption. The…

Following another commendation for digital services, Surrey County Council's Web and Digital Services Manager,…

We cannot carry on spinning the roulette wheel that is cyber security, knowing that the “castle and moat”…

This week David Cameron wades into row over £69m of cuts planned by Oxfordshire CC; Stoke on Trent plans…