U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Healthcare Industry Tops List of Hacker Targets: More than 100 Million Medical Records Compromised in 2015

According to a research conducted by IBM the healthcare industry was a privileged target of cybercriminals last year, more than 100M Records Compromised. The healthcare industry was the number one target of cybercriminals in 2015, new research indicates. Previously, the banking industry held the top position. In 2015, more than 100 million healthcare records were […]

Signature Healthcare

According to a research conducted by IBM the healthcare industry was a privileged target of cybercriminals last year, more than 100M Records Compromised.

The healthcare industry was the number one target of cybercriminals in 2015, new research indicates. Previously, the banking industry held the top position.

In 2015, more than 100 million healthcare records were compromised, according to IBM’s “2016 Cyber Security Intelligence Index.” It is based on data collected between January 1, 2015 and December 13, 2015 and from more than 8,000 client devices in over 100 countries.

The Independent reports that “five of the eight largest healthcare security breaches since the beginning of 2010, with more than one million records compromised, took place during the first six month of 2015.”

Healthcare records are a veritable jackpot for cybercriminals, providing them access to credit card data, Social Security numbers, employment information and medical history records. These can be used in the commission of fraud and identity theft. The following is just one example of the impact of medical records having been hacked:

“Martin Borrett, CTO IBM Security Europe, explained how much damage stolen health data can cause and why it is such a target for theft.

‘We had a situation with a colleague from IBM in the US. John Kuhn, a senior security threat researcher, had to show hospital staff his stomach to prove he did not have a scar from the surgery they had charged him for.

John’s medical records had been stolen, and sold to someone else who had used them to have the surgery, leaving him with a $20,000 bill.’”

Another disturbing element of the findings for 2015 is that approximately 60 per cent of cyber-attacks were conducted by “insiders.”

The top five industries targeted by hackers:

  • Healthcare
  • Manufacturing
  • Financial Services
  • Government
  • Transportation

Healthcare Industry MedicalData-breach

Ransomware attacks on hospitals have been in the news frequently of late, having occurred in California, Indiana, Kentucky, and Maryland. Because of the nature of the business of hospitals, hospital personnel is coerced into a rushed decision-making process in order to recover their systems and avoid disruption of patient care.

Why has healthcare become such an appealing target?

  • Healthcare has never been a secure industry. With the onset of health information technology, many new vendors neglected taking security measures so that they could launch their products as quickly as possible. Subsequently, burgeoning digital healthcare institutions were left vulnerable to cyberattacks.
  • Lives are at stake. Ransomware has been effective for cybercriminals because healthcare is time-sensitive. It is often not feasible for healthcare practitioners and patients to wait until a solution can be found that would allow them to avoid paying the ransom.
  • Healthcare data is lucrative. Social Security numbers, medical histories, insurance provider information, patient medications and other data can yield large profits for cybercriminals.
  • Application-heavy environments are ripe for attacks. “This in itself is not a security risk or problem, but more diverse systems … [may] require them to use old systems,” says Mike Hanley, director of Duo Labs.
  • The healthcare industry continues to use out-of-date, legacy systems. Eighty-two percent persist in using obsolete technology, including unsupported versions of Internet Explorer.

Relating computer security to the health-conscious practices healthcare providers have in place, Hanley said: “[It’s about] getting back to the basics, user education, security hygiene.”

Written by: Sneacker 

Author Bio: Sneacker is a writer who works in the information technology field. She is a member of GhostSec, a counterterrorism unit within the Anonymous collective, and participant in #OpISIS.

[adrotate banner=”9″]

Edited by Pierluigi Paganini

(Security Affairs – Healthcare Industry, cybersecurity)