Healthcare spikes data breach fever, endpoint threat detections grow 60%

The healthcare industry has been overwhelmingly targeted by Trojan malware during the last year, which increased by 82 percent in Q3 2019 over the previous quarter, according to Malwarebytes.

The two most dangerous Trojans of 2018–2019 for all industries, Emotet and TrickBot, were the two primary culprits. Emotet detections surged at the beginning of 2019, followed by a wave of TrickBot detections in the second half of the year, becoming the number one threat to healthcare today.

Due to aging infrastructure, low IT budgets and a wealth of personally identifiable information (PII), healthcare institutions are becoming prime targets for cybercriminals.

“Healthcare is vital to our population, industries and economy, which is why it’s an especially concerning industry to see targeted by cybercriminals,” said Adam Kujawa, Director of Malwarebytes.

“Emotet, TrickBot, exploit, and backdoor detections targeting healthcare organizations are known to drop ransomware payloads later in their attack chains. For too long, these organizations have suffered due to antiquated equipment and underfunded IT departments, making them especially vulnerable.

“We should be arming healthcare now with extensive security measures because this pattern suggests that ransomware is looking to penetrate healthcare organizations from several different angles.”

Healthcare malware: Key findings

• There was a 60 percent increase in threat detections at healthcare organizations in the first three quarters of 2019 when compared to all of 2018.
• Healthcare is currently the seventh-most targeted industry by cybercriminals; education and manufacturing took the top two spots in 2019.
• Endpoint detections have grown 45 percent from 14,000 healthcare-facing endpoint detections in Q2 2019 to more than 20,000 in Q3.
• Trojans, hijackers and riskware each surged by over 80 percent from Q2 2019 to Q3.

Top attack methods for healthcare networks in the last year

• Exploiting vulnerabilities in third-party vendor software, such as medical management apps or custom software for hospitals and medical practices
• Taking advantage of weak security postures due to staff negligence, user error and poor patching cadences
• Using social engineering methods, such as phishing and spear phishing emails to deliver malicious attachments and links.

Of the four regions of the United States, the West’s healthcare institutions were most targeted by malware, leading the pack at 42 percent of total US detections. The Midwest was not far behind at 36 percent. The South and Northeast had far fewer detection percentages at 15 and 7 percent, respectively.

The consequences of a cybersecurity breach in healthcare can be especially daunting. Patient data can be exposed, and worse, lives jeopardized, as critical equipment and information may hang in the balance during an attack.

For this reason, it is especially crucial that healthcare institutions work to upgrade their security posture, train and retrain employees, and establish and practice protocols in the event of an attack.

As new technological innovations are introduced in healthcare, it will become increasingly important to consider security in product or platform design, rather than trying to add it as an afterthought.