The healthcare industry sees 340% more security incidents and attacks than the average industry, according to a recent report.
The Raytheon/Websense Security Labs’ 2015 Industry Drill-Down Report — Healthcare notes that medical information is 10 times more valuable than other types of information on the black market, which makes healthcare a major target for cybercriminals. The proliferation of electronic health records creates a data-heavy environment, while networks comprising thousands of providers present an enormous attack surface, the report says.
“The rapid digitization of the healthcare industry, when combined with the value of the data at hand, has led to a massive increase in the number of targeted attacks against the sector,” said Carl Leonard, Raytheon/Websense principal security analyst, in a statement accompanying the report. “While the finance and retail sectors have long honed their cyber defenses, our research illustrates that healthcare organizations must quickly advance their security posture to meet the challenges inherent in the digital economy — before it becomes the primary source of stolen personal information.”
In 2014, Websense identified a 600% increase in cyberattacks against hospitals within a 10-month period. As a follow up to this discovery, Raytheon/Websense Security Labs recently examined the real-world attack telemetry against healthcare, and it uncovered new intelligence about the most prolific and effective cyberattack tools, techniques, and security trends impacting the industry.
One in every 600 attacks in the healthcare sector involve advanced malware, according to the report. In fact, the healthcare sector is four times more likely to be impacted by advanced malware than any other industry. “With many organizations lacking budget and the administrative, technical or organizational skills necessary to detect, mitigate and prevent cyber-attacks, advanced malware presents a significant threat to healthcare infrastructure,” the report says.
Additionally, the healthcare sector is 74% more likely to be impacted by phishing schemes. A lack of effective security awareness training and employee security awareness programs often compounds the danger of increased phishing attempts, which results in more security incidents, the report notes.
Healthcare is 4.5 times more likely to be impacted by the malware Cryptowall and three times more likely to be impacted by the malware Dyre. Dyre was first used to target the financial sector and successfully stole hundreds of millions of dollars. New exploit capabilities make Dyre malware a significant data loss threat for healthcare organizations worldwide, the report explains, while Cryptowall encrypts and holds hostage critical healthcare data for ransom. (The full report is available at http://tinyurl.com/phk339s.)
