New report spotlights top malware threats to hospitals

Trojans, riskware, spyware and worms all plague healthcare, which leads all industries in number of data breaches.
By Benjamin Harris
11:12 AM

Insecure IoT devices, a lack of proper authentication and poorly secured legacy technology are just some of the reasons the healthcare industry leads all industries in data breaches – and they explain why a variety of malware strains are running rampant across health system IT networks.

WHY IT MATTERS
BakerHostetler’s 2019 Data Security Incident Response Report finds that insufficient IT infrastructure, paired with the troves of sensitive patient information, makes health systems a ripe target for hackers.

These attacks come in the form of spyware, ransomware and even a newer class called fileless malware that is almost undetectable. The most prevalent threats are information-stealing Trojan horse attacks, with riskware a distant second, according to another recent security review.

Information is at risk from attacks of varying degrees of sophistication. Most commonly, phishing emails provide the entry point for hackers into healthcare systems, although the report identifies other security vulnerabilities as well.

Once malicious software like the Emotet trojan – an information stealer that propagates itself throughout a network – gets installed, it can be very difficult to remediate. Ransomware like WannaCry encrypts data and locks hospitals out of it until they pay for its release.

Hospital IT systems can even be hijacked for purposes like Bitcoin mining, which can slow down and compromise a network without being directly malicious. All of these threats compromise patient safety and security.

Healthcare, notorious for having IT that lags behind other industries and being rich with sensitive data, presents an ideal target for hackers.

THE LARGER TREND
It is well known that many healthcare organizations are falling short of HIPAA and other cybersecurity guidelines. Sensitive files are often left wide open to anyone through everything from improper permissions to lax security around monitoring user accounts.

It is important to note that even if parts of a security system are upgraded, even a small gap in the armor or a legacy system can make the strongest protections adjacent to it worthless.

While the vulnerabilities are many, some of the major causes of breaches are improper access permissions for outside contractors, poorly secured laptops, and the ever-present human risk of an employee unwittingly downloading and opening a virus through a phishing email or other insecure link.

ON THE RECORD
"Threat actors have modified their tools, tactics, and procedures to avoid detection," said researchers in the BakerHostetler report. "They are using credential harvesting tools to gain legitimate admin credentials so they can “live off the land” as they move through networks. They are using legitimate system tools, like PowerShell, to broadly deploy their tools. They are injecting their malware into running processes instead of writing them to disk to avoid detection by antivirus programs."

The report also noted that, toward the end of 2018, researchers saw "changes in the ransomware threat that has continued into 2019. Instead of pushing out commodity malware broadly, threat actors are buying access to environments from other threat actors. When they get into the network, they may find and delete backups before deploying the ransomware to many devices. The threat actors are also paying more attention to identifying their victims and demanding a higher ransom."

Benjamin Harris is a Maine-based freelance writer and former new media producer for HIMSS Media.
Twitter: @BenzoHarris.