Cybercriminals deploy malware for half of successful cyberattacks, IBM study finds
Forty-eight percent of successful healthcare cyberattacks result from a criminal gaining access to a system or data by injecting malicious content. Such attacks include injecting unexpected items, either into a system database or through the host operating system running a website, that then tell the system how to act, a new report from IBM Managed Security Services found.
What’s more, 19 percent of successful healthcare cyber-attackers gain unauthorized access through the manipulation of system data structures, according to the new report entitled “Security Trends in the Healthcare Industry.” Here, a hacker leverages vulnerabilities in data processing to alter the execution path of a process and then takes over.
The report also found that 9 percent of healthcare cyber-attackers attempt to manipulate or corrupt the availability or some aspect of a resource’s state (e.g., files, applications, libraries, infrastructure). Successful attacks here enable an attacker to cause a denial of service, as well as execute arbitrary code on a target machine.
To better understand the healthcare security challenge, IBM Managed Security Services, which processes 1 trillion security events every month for more than 4,500 clients across 133 countries, analyzed the aggregate healthcare data accumulated in 2016, the vendor explained.
In 2016, the volume of compromised records was not as great as in 2015, but breaches continued to cause operational, financial and reputational damage to healthcare organizations and, in fact, the number of breaches rose, IBM said. A total of 320 breaches involving unsecured protected health information were posted on the U.S. Department of Health and Human Services Office for Civil Rights Breach Portal, an increase of 18.5 percent over 2015.
Attackers are continuing to sharpen their focus on healthcare because the exploitable information in an electronic health record brings a high price on the black market.
Ransomware is flourishing in healthcare as well. Security incidents involving this malware are expected to continue rising in 2017, and it was one of the top security threats in 2016, the IBM report found. For example, the criminals responsible for distributing the now infamous Locky ransomware focused on the healthcare industry early in the year. Numerous reports of incidents involving the malware surfaced globally in February 2016, the targets including a New Zealand health board and several hospitals in Germany.
In some cases security prevailed. But perhaps healthcare organizations are targeted more often than others in this widespread malware epidemic because attackers are experiencing relative success against them; in other words, hospitals and clinics may be more willing than others to pay for the decryption of their critical and sensitive information, especially when such attacks paralyze their operations and affect both patients and staff, the report said.
One area healthcare organizations should keep sharp tabs on is vendors, the report contended. A security posture is only as strong as its weakest link, and the weakest link may be the third-party vendor with which a healthcare organization does business, the report said. The practice of outsourcing the management of EHRs is growing and any of the scores of vendors in this space could serve as an attacker’s point of entry in a healthcare data breach, IBM said. One of the largest healthcare breaches of the last five years was the compromise of a provider of software services to the healthcare industry that exposed data on almost four million individuals, the report said.
But threats often come not just from the outside but from the inside. Healthcare organizations continue to be victimized by insiders, both malicious and inadvertent. According to IBM Managed Security Services data, 68 percent of all network attacks targeting healthcare organizations in 2016 were carried out by insiders and more than one-third of those attacks involved malicious actors. A notable incident from April 2016 highlights the danger from individuals motivated by malice. Reportedly, the personal information of children vaccinated at Chinese hospitals was obtained partly through unauthorized access and partly by malicious insiders collaborating with attackers who subsequently posted the information for sale.
While malicious insiders are a concern, others who inadvertently or unwittingly introduce threats to an environment can cause just as much damage. From falling victim to phishing scams to misconfiguring servers to losing laptops, the mistakes and failings of an organization’s otherwise loyal insiders can often give attackers a wide-open gateway into its networks, the report said.