Healthcare firms three times more likely to see data breaches

Companies in the healthcare sector are three times more likely to encounter data theft than the average firm, according to a report released this morning.

The industry also sees 340 percent more security incidents and attacks than usual, said Carl Leonard, principal security analyst at Raytheon|Websense, which produced the report based on analysis of real-time security telemetry feeds from global healthcare organizations.

Healthcare is also 400 percent more likely to be hit by advanced malware, 450 percent more likely to be hit by Cryptowall, and 74 percent more likely to get phishing emails.
Ransomware in particular could be very damaging to healthcare organizations, since the integrity of health records could literally mean life and death for patients.

"The malware authors realize that," Leonard said. "If they can threaten to encrypt that and restrict access to that data, the health careprofessional is more willing to pay ransom."
He recommended that organizations avoid engaging with the criminals, since paying the ransom is no guarantee that the files would be returned safely. Instead, he suggested that organizations step up their defenses, set up systems to detect and block ransomware before it can do damage, and, as a failsafe, have backup systems in place and test them regularly.

To make things even worse, not only are healthcare companies hit by a larger number of threats, but they are also getting hit by a wider variety of threats, as well, said Leonard.

"A threat type could be very popular in the healthcare for one day," he said.

Then attacks would return to a more usual pattern, until the next new type of attack.

That makes it difficult for security professionals to defend against them, he said. The attacks last a short time, so by the time the defenders have a handle on them, the cybercriminals have moved on to another tactic.

"To be most effective, they are using the element of surprise to defeat security," he said.

Other industries, such as the financial services, see a more consistent pattern of attacks, he said.

The reason? It's all about the money.

"The data that healthcare organizations have is a treasure trove for criminals," he said. "They can use that data for multiple purposes."

Plus, healthcare organizations are in the process of moving all their data to electronic health records, and are increasingly sharing that data with healthcare providers, clinics, insurance companies, and other industry participants.

That means that criminals have a broader attack surface, and the defenders aren't as battle-hardened as those in other industries.

The dawning of the age of the Internet of Things will only ratchet up the pressure, Leonard said.

"You can have electronic devices recording patient information and transmitting it, which presents another attack surface area," he said.

Meanwhile, up to 75 percent of hospital network traffic is unmonitored by security solutions out of fear that improper configuration or false positive could put the safety of patients at risk.