It may not be surprising that attacks on healthcare organisations have jumped by 60% so far in 2019 considering that many of the breaches and ransomware attacks in the news frequently cite companies and bodies within the sector.
Malwarebytes has just published its latest report, as detailed by Dark Reading, finding that attacks are up nearly two thirds for the first nine months of 2019 compared to the whole of 2018. Hospitals, doctors’ offices, and other healthcare providers are being hit hard by attackers, frequently with Trojan malware. Trojan attacks rose by 82% between the second and third quarters of 2019 alone.
Trojan malware is often used for breaching networks and controlling computers, and it is prevalent in ransomware attacks, which have included a number of high-profile hospital breaches. Some of the main culprits are Trickbot and Emotet, former banking industry vectors that are now targeted at the medical industry.
Stolen medical data is valuable but public healthcare cybersecurity budgets are low
Earlier this year, we questioned why healthcare sector attacks were on the rise and, with the help of a Carbon Black study, outlined the value of stolen medical data.
Adam Kujawa, the director of Malwarebytes Labs, says:
“You think about some of the attacks we’ve seen, such as what happened with WannaCry and the UK’s National Health Service … and you figure they would have focused more on security.”
The Malwarebytes report may already outline the answer:
“Medical institutions are fighting an uphill security battle, as budget dollars are often diverted to research, patient care, or new technology adoption.”
At least for public healthcare providers, cybersecurity is an “afterthought.” The report adds:
“Doctors use legacy hardware and software, staff lack the security know-how to implement updates and patches in a timely manner, and many medical devices lack security software altogether.”
The healthcare sector, as per Malwarebytes, is actually the seventh most targeted group, with education providers at the top of attackers’ lists. Perhaps this, too, is because of the low budgets, low experience, and sometimes less than cutting-edge information technology in the public sector.
In the public sector, lobbying for additional cybersecurity budget and focus will take time. There are likely to be more breaches before governments commit to cybersecurity as a very top priority.
For private sector healthcare companies, there is no excuse. Any private business should be at the top of its cybersecurity game, knowing that a simple breach can permanently ruin its reputation and lead to complete corporate failure.
In our data breach round-up for last week, we covered the breach at US healthcare group Starling Physicians that may have been caused by a phishing attack. And DNA testing startup Veritas Genetics revealed that some of its customer information may have been illegally accessed via a customer portal, affecting a small number of customers.