Cheap black market PHI drives ransomware, espionage

For a few hundred dollars, any hacker can buy their way into a healthcare network.
By Benjamin Harris
11:54 AM

Hospitals are a treasure trove of valuable information for a wide range of online actors. Data can be held hostage through ransomware or can even be sought after by other nations as a means of espionage.

Despite being uniquely appealing to thieves, hospitals are still struggling with security, and data is still exposed on a variety of fronts. A new study by the security firm FireEye examines how the healthcare industry is impacted by these threats and finds that there are key troves of information hackers are most likely to exploit.

Attacks can occur long after a breach

Compromised health information can be bought cheaply online and a malicious attack can occur long after any breach. Because of the disparity between different organizations’ network strengths, hospitals with poorly secured networks are more frequent targets.

No data is fully safe: The report noted that clinical research will lure nation-states to underwrite major espionage actions. Even more alarming, connected biomedical devices with life-critical functions are vulnerable, and a targeted attack on them, while theoretical, could have a grave impact.

For as little as a few thousand dollars, and sometimes even less, anyone on the dark web can have a database of compromised personal health information (PHI) from a hospital or health system. FireEye has documented numerous database sales for as low as $300 – all of which could serve as a launching pad for anything ranging from a phishing attack to a ransomware takeover of the institution’s network and data.

Clinical research data

Financial gain through holding networks hostage isn’t the only goal of hackers, either. Valuable clinical research data have been sought after by nation-states like China, which FireEye says has been aggressive in intellectual property intelligence against the American hospital and medical research world.

Cancer research and medical device development are the two most frequently hit targets, the firm found, although it noted that this may only be the spearhead of more incursions into confidential research and development data.

Cybersecurity has long been acknowledged as a major weak area in healthcare. As devices propagate and demands multiply, it becomes harder to craft a network security strategy or even to train employees on security measures.

Getting in for a few hundred dollars

Add to that malicious actors who can buy their way into a network for a few hundred dollars and who are motivated by anything from espionage to ransom.

Because of existing weaknesses and unknown breaches, it is reasonable to assume that any network can be compromised and may in fact already be. Faced with this situation, cybersecurity officials in any healthcare system need to secure their data and recognize the weakest areas in their network along with the most valuable data they contain.

Benjamin Harris is a Maine-based freelance writer and former new media producer for HIMSS Media.
Twitter: @BenzoHarris.