Hacktivist vs. cyberterrorist: Understanding the 5 enemies of healthcare IT security

According to an Institute for Critical Infrastructure Technology report, cyber attackers can be categorized according to their target, tactics, techniques, malware and procedures.
By Jessica Davis
11:15 AM

From "script kiddies" to sophisticated nation states, healthcare organizations have to be on the lookout for a variety of dangerous bad actors looking to crack their cybersecurity defenses, according to a recent Institute for Critical Infrastructure Technology report.

The possible impacts from a healthcare security breach are vast. Data from administrative or electronic health record systems can be used to steal the identity of patients and employees, which creates a financial burden and can even lead to legal ramifications.

Furthermore, false information provided by the hacker can increase the risk of medical complications, according to the report.

"Healthcare providers, the largest target, are focused on their mission: saving lives," according to the ICIT report. "Meanwhile, healthcare payers focus on processing the transactions necessary to keep patients healthy and healthcare providers operational.

"Both providers and payers devote the majority of their resources to fulfilling their mission," the authors continued. "Sadly, attackers have seen this selfless dedication to human life as a sign of weakness."

Information stolen via healthcare breaches can be used for insurance fraud, identity theft, financial gain or targeted attacks; it can be sold online or used by the attackers for personal gain.

According to the report, cyber attackers can be categorized according to their target, tactics, techniques, malware and procedures:

1. Cybercriminals are stereotypical attackers, targeting organizations to make money through extortion or the disclosure of compromised data. Ransomware, malware that holds data hostage until the owner pays a ransom, will be the primary threat to organizations in 2016, especially to mHealth devices and mission-critical assets.

2. Hacktivists are politically motivated, targeting institutions whose political views oppose their agenda. They most commonly attack with a denial-of-service method, overloading a server until it crashes. When it comes to healthcare, hacktivists are looking for specific patient data or intellectual property, or they're trying to embarrass the institution.

3. Cyberterrorists target systems to disrupt or destroy critical services and infrastructure of a specific nation, sector or organization. Attacks on the healthcare sector are designed to frame a lesser hacking group to cause turmoil or panic.

4. Nation State Actors sponsor other threat groups that launch attacks against foreign governments and organizations. They rely on advanced malware that is customized to its target and often contains rootkits for a persistent presence, encryption to hinder reverse engineering and code to mask its presence. The healthcare sector is targeted by nation state actors to disrupt service and collect personal data.

5. Script Kiddies are the least skilled cyber attackers. They purchase, trade and use tools and malware developed by larger attackers. Most of these tools are automated, as the users aren't technically savvy, and they gain entry opportunistically, through vulnerable systems.

Twitter: @JessiefDavis