-mask

Cybercriminals Have an Unhealthy Appetite for Medical Data

Cybercriminals love targeting healthcare organizations and have been doing it quite often for many years. As can be seen in the table below, during the past couple of months, cybercriminals have been working hard on these types of targets,  hitting them with ransomware attacks or exfiltrating medical records they can monetize. These medical records are a treasure trove of information that is easy to sell on the dark web. In contrast to, e.g., financial institutions, healthcare organizations have a hard time allocating sufficient resources to defend their network perimeter to keep cybercriminals at bay, as is illustrated in the recent attacks outlined below

Target

Date Attack Fallout /Damage
The Fetal Diagnostic Institute of the Pacific (Hawaii) Made public in September 2018 The lab was hit by a ransomware attack in June 2018 Data of 40,800 current and former patients was encrypted and not accessible for use.
Legacy Health in Portland, Oregon Made public in August 2018 Phishing attack resulting in unauthorized access to employee email accounts in June 2018 38,000 patient records were breached
UnityPoint Health July 2018 Phishing attack A total of 1.4 million patient records were breached that included names, addresses, medical data, treatment information, lab results and/or insurance information
Singapore government’s health database June/July 2018 Hackers breached a front-end workstation to gain privileged account credentials to obtain privileged access to the database Hackers accessed the data of about 1.5 million patients, including Prime Minister Lee Hsien Loong, and stole data on outpatient-dispensed medications
UnityPoint Health in Madison, Wisconsin April 2018 Phishing attack on staff email accounts Data from 16,000 patients was exposed.
St. Peter’s Surgery and Endoscopy Center (Albany, NY) March 2018 Malware attack by hackers accessing St. Peter’s server in January 2018 134,512 patient records containing patient names, addresses, dates of birth, service dates, diagnoses, procedures, and insurance information were breached
Cohen, Bergman, Klepper, Romano MDs (Long Island, NY healthcare provider) March 2018 Breach of an exposed online  database that was misconfigured Data from 42,000 patients was exposed as well as 3 million clinical notes
ATI Physical Therapy in Illinois March 2018 Phishing attacks on employee email accounts Information of 35,136 patients was breached, including Social Security numbers and a wide range of medical information

Healthcare data is hard to protect, especially due to the rise in the use of healthcare technology and electronic devices, healthcare data records are spread all through (and exchanged between) healthcare organizations.  As we have seen above, detecting misconfigured hardware and software to prevent public exposure of data is also a major issue for the healthcare industry. Those internal misconfigurations give hackers easy access to inflict damage.

For healthcare providers and hospitals, breaches reduce patient trust, cripple health systems, and can even threaten human life. Since cybersecurity has become an integral part of patient safety, there is a growing demand for a holistic solution encompassing human behavior, technology, and processes.  This means that healthcare providers should boost their cybersecurity to defend themselves against cybercriminals who are developing and using sophisticated tools and techniques for attacking healthcare organizations to gain access to medical information and hold data and networks for ransom. Although the healthcare sector has been lagging behind compared to other industries when it comes to cybersecurity, budgets have increased and new technologies are being purchased and deployed. This means that healthcare organizations are getting better at blocking attacks and keeping their networks secure, but still, there is work to be done.

To help healthcare institutions with their efforts to protect their data, Cymulate offers them a convenient and easy way to test their cybersecurity posture. Cymulate’s Breach & Attack Simulation (BAS) platform allows a healthcare institution to run real cyberattacks in its own environment (at any time, from anywhere) in a safe manner without harming its network in any way. This allows them to test their security posture and mitigate cyberattacks before they can hit and penetrate the networks. The simulation also detects any misconfigurations for quick mitigation.

Don’t speculate, Cymulate