Q1 Security Roundup: What the Soaring Volume of Healthcare Breaches Can Teach Us

by Ross Dyer

The cyber threat landscape evolves so quickly that sometimes it’s difficult to keep up. But there are two things you can count on to stay the same: the bad guys will always follow the money, and they’ll always take the path of least resistance. Unfortunately for the healthcare industry, it appears to have become the latest favourite target for cyber attackers eager to expose some serious security shortcomings and harvest a treasure trove of valuable personal data.

This is just one of the insights revealed by Trend Micro’s latest quarterly Security Roundup report, which should provide plenty of food for thought for IT leaders working across all industries. Keeping abreast of the latest from the threat landscape is vital if you want to avoid your organisation becoming that path of least resistance.

Why healthcare?
As the report details, the first three months of the year played host to a series of high-profile breaches in the sector. First came US healthcare giant Anthem, which allowed hackers to make off with records on 80 million customers and staff. Then there was Premera Blue Cross, where 11 million records were exposed. These two have the dubious honour of replacing the NHS as responsible for the worst healthcare breaches since 2011.

In many ways it’s not surprising that cybercriminals are increasingly focusing their efforts on the health sector. First up, the information in question is highly sensitive – which usually means it will fetch a high price on the black market. It’s also constantly on the move through multiple systems managed by multiple providers – from e-patient record systems to medical devices, hospital patient management systems and patient portals. This means there are potentially more points of failure. Add to this an IT environment largely made up of a hotchpotch of new and legacy systems, and a mix of on-premise, cloud and virtual set-ups, and you begin to see where security gaps could appear.

It’s probably not surprising that in 2014, healthcare-related breaches accounted for 43% of the total figure, soaring from just 10% in 2005.

To an extent the same problems are present in other industries too, and the same mitigations are relevant across sectors. A quick five-point checklist should include:

  • Secure legacy systems: choose security tools with virtual patching to ensure systems running software like Windows Server 2003 are protected past their end-of-life date.
  • Secure portals/records systems/databases: whether data is on-premise, in the public cloud or sitting on virtual servers, it must be protected.
  • Prevent breaches: targeted attacks are designed to be stealthy, so invest in advanced tools like Deep Discovery to spot the tell-tale signs of a covert breach. It could save a lot of money in remediation and clean-up costs, industry fines, legal fees and reputational damage.
  • Protect data on endpoints: thanks to the cloud and BYOD there are more of these than ever before, exposing organisations to even greater risk. A “Custom Defense” strategy comprised of multi-layered defences will help.
  • Meet compliance requirements: healthcare is highly regulated, as are many other industries like financial services and government. Ensure you adhere to this patchwork of standards and frameworks in a holistic rather than a tick-box manner.

What else is new?
The report has a host of other interesting findings from the quarter including:

  • Old threats like Rocket Kitten and Pawn Storm evolved with new targeted attack tools, tactics and procedures
  • Exploit kits grew in sophistication
  • Volume of crypto-ransomware soared, and expanded to the enterprise
  • There was a resurgence of the old favourite, macro malware, taking advantage of security complacency
