Healthcare Industry Woefully Ill-Prepared to Combat Cyber Attacks: Report

Attacks against medical devices and critical health care systems are no longer theoretical. In fact, according to a report from the SANS Institute, poorly protected health care systems are not able to fight off the barrage of attacks.

A staggering 94 percent of all healthcare organizations admit they have been victims of data breaches at some point, the SANS Institute found in its “Health Care Cyberthreat Report,” released Wednesday. What’s even more disconcerting is that, despite the high number, organizations that have been breached but haven’t disclosed the incidents, or haven’t discovered them yet, aren’t included in the tally.

Many networked medical devices, such as radiology imaging software, video conferencing systems, mail and VOIP servers, digital surveillance cameras, call contact software, and networked printers and fax machines were being compromised.

“Once compromised, these networks are not only vulnerable to breaches, but also available to be used for attacks such as phishing, DDoS and fraudulent activities launched against other networks and victims,” the report found.

Existing Security Not Enough

Security products weren’t sufficient to keep out the bad traffic. In fact, when SANS researchers examined device-based and organizational sources of malicious traffic, they found that most of the malicious traffic passed through some kind of security solution. For example, firewalls let through 16 percent of malicious traffic and 33 percent traveled over a virtual private network, the report found. Routers and enterprise network controllers accounted for nine percent of malicious traffic.

These findings are worrisome in light of the fact that many of the healthcare-related organizations believe existing security controls such as a firewall are sufficient to protect against attacks. Considering many of these organizations have already been breached, the assumption appears to be naively optimistic.

The researchers found 49,917 unique malicious events, 723 unique malicious source IP addresses, and information about 375 U.S.-based compromised healthcare organizations while preparing the report. The data was collected between September 2012 and October 2013 by healthcare security and anti-fraud company Norse as part of its threat intelligence network.

“The sheer volume of IPs detected in this targeted sample can be extrapolated to assume that there are in fact millions of compromised healthcare organizations, applications, devices, and systems sending malicious packets from around the globe,” the report found.

Compliance != Security

The healthcare industry in the U.S. is among the most regulated, but even so, organizations are not secure, the report said. Existing best practices have not kept up with evolving attack techniques, and organizations are failing to protect patient data, intellectual property, and payment information, along with the systems themselves. Once a breach occurred, attackers regularly launched phishing and distributed denial of service attacks, researchers found.

“From a compliance standpoint, the findings demonstrate that healthcare organizations could continue to find themselves in the same situation as healthcare companies such as the one WellPoint Inc. found itself in — on the receiving end of HIPAA fines reaching almost $2 million after exposing hundreds of thousands of ePHI,” the report found.

Attackers Exploiting Network

Network devices are frequently shipped from the vendor with a default configuration, which is generally insecure. Administrators are getting better about changing the configurations on their firewalls and other network devices so that default accounts don’t have easily guessable passwords, according to the report. However, they are overlooking some types of devices, and attackers are taking advantage of that mistake. As far as the attacker is concerned, compromising a fax machine is just as effective as compromising a server.

“This level of compromise and control could easily lead to a wide range of criminal activities that are currently not being detected. For example, hackers can engage in widespread theft of patient information that includes everything from medical conditions to social security numbers to home addresses, and they can even manipulate medical devices used to administer critical care,” said Barbara Filkins, a senior SANS analyst and principal author of the report.

An overhaul in how the healthcare industry approaches security is necessary, according to the report. Organizations need to perform a thorough assessment to identify all the devices connected to the network and to flag all the older, vulnerable software and networked equipment which need to be replaced, the report recommended. Once organizations know what is on their network, they can figure out ways to secure them. Healthcare organizations also need to step up and maintain ongoing patch management and vulnerability assessments.

“Although the healthcare industry continues to search for ways to protect its data, many organizations are still not able to properly safeguard critical data, and both companies and consumers are paying the price,” said Norse’s Glines.

While this report put the healthcare industry under the microscope, we must ask, are other industry verticals much better off?

The full report is available online.
