Healthcare Industry Tops List of Hacker Targets: More than 100 Million Medical Records Compromised in 2015

According to a research conducted by IBM the healthcare industry was a privileged target of cybercriminals last year, more than 100M Records Compromised.

The healthcare industry was the number one target of cybercriminals in 2015, new research indicates. Previously, the banking industry held the top position.

In 2015, more than 100 million healthcare records were compromised, according to IBM’s “2016 Cyber Security Intelligence Index.” It is based on data collected between January 1, 2015 and December 13, 2015 and from more than 8,000 client devices in over 100 countries.

The Independent reports that “five of the eight largest healthcare security breaches since the beginning of 2010, with more than one million records compromised, took place during the first six month of 2015.”

Healthcare records are a veritable jackpot for cybercriminals, providing them access to credit card data, Social Security numbers, employment information and medical history records. These can be used in the commission of fraud and identity theft. The following is just one example of the impact of medical records having been hacked:

“Martin Borrett, CTO IBM Security Europe, explained how much damage stolen health data can cause and why it is such a target for theft.

‘We had a situation with a colleague from IBM in the US. John Kuhn, a senior security threat researcher, had to show hospital staff his stomach to prove he did not have a scar from the surgery they had charged him for.

John’s medical records had been stolen, and sold to someone else who had used them to have the surgery, leaving him with a $20,000 bill.’”

Another disturbing element of the findings for 2015 is that approximately 60 per cent of cyber-attacks were conducted by “insiders.”

The top five industries targeted by hackers:

  • Healthcare
  • Manufacturing
  • Financial Services
  • Government
  • Transportation

Ransomware attacks on hospitals have been in the news frequently of late, having occurred in California, Indiana, Kentucky, and Maryland. Because of the nature of the business of hospitals, hospital personnel is coerced into a rushed decision-making process in order to recover their systems and avoid disruption of patient care.

Why has healthcare become such an appealing target?

  • Healthcare has never been a secure industry. With the onset of health information technology, many new vendors neglected taking security measures so that they could launch their products as quickly as possible. Subsequently, burgeoning digital healthcare institutions were left vulnerable to cyberattacks.
  • Lives are at stake. Ransomware has been effective for cybercriminals because healthcare is time-sensitive. It is often not feasible for healthcare practitioners and patients to wait until a solution can be found that would allow them to avoid paying the ransom.
  • Healthcare data is lucrative. Social Security numbers, medical histories, insurance provider information, patient medications and other data can yield large profits for cybercriminals.
  • Application-heavy environments are ripe for attacks. “This in itself is not a security risk or problem, but more diverse systems … [may] require them to use old systems,” says Mike Hanley, director of Duo Labs.
  • The healthcare industry continues to use out-of-date, legacy systems. Eighty-two percent persist in using obsolete technology, including unsupported versions of Internet Explorer.

Relating computer security to the health-conscious practices healthcare providers have in place, Hanley said: “[It’s about] getting back to the basics, user education, security hygiene.”

Written by: Sneacker 

Author Bio: Sneacker is a writer who works in the information technology field. She is a member of GhostSec, a counterterrorism unit within the Anonymous collective, and participant in #OpISIS.

[adrotate banner=”9″]

Edited by Pierluigi Paganini

(Security Affairs – Healthcare Industry, cybersecurity)

Pierluigi Paganini: Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

This website uses cookies.