Healthcare News & Insights

Top 3 targets of cyber attacks in health care

Health care organizations are frequently hit in cyber attacks. However, criminals may not be targeting the systems and data that health IT pros use most of their resources to protect. 

Health care firms are becoming a more common target of cyber attacks — in fact, health care data breaches made up 7% of all data breaches this year, according to a study of recent breaches from Verizon. That’s the highest mark ever seen in the annual study.

The reason: The information held by providers can be very lucrative. Despite potential threats like hacked medical devices — including a recent demonstration of how to remotely deliver a deadly shock to victims with pacemakers — cyber attacks in the health care industry are still most often financially motivated, like they are in other industries.

While it’s important to protect patient safety by securing medical devices, Verizon researchers warn healthcare organizations not to shift their focus away from more common cyber attacks.

What do hackers most commonly target when they attack health care providers — and where should health IT departments target their security efforts? According to Verizon, the most common targets of health care cyber attacks were:

  • Point of sale (POS) terminals and servers — Many organizations that focus more on securing protected health information may be surprised that POS terminals and servers were the most common targets, attacked in 64% and 48% of breaches, respectively. However, most cyber criminals aren’t after EHRs and other clinical data — they want financial and insurance information that can be used to steal money and commit medical identity theft. To prevent attacks, Verizon recommends using complex, frequently changed passwords on POS systems, and avoiding connecting those systems to the Internet.
  • Desktops and workstations — As in other industries, cyber attacks in health care often start by tricking an organization’s employees into installing malware on the network through a desktop PC. Desktops and workstations were involved in 38% of the health care data breaches studied by Verizon. Often, those attacks take place by getting users to download malicious email attachments or click on malicious links.
  • Storage systems — While they were subject to fewer attacks than desktop PCs and POS systems, database servers, backup tapes and documents were still targeted, accounting for 5%, 2% and 2% of health care data breaches, respectively. Those systems may contain financial as well as clinical data, so they can be very valuable for cyber criminals.

Small practices hit by cyber attacks

One key lesson in Verizon’s report: Smaller practices are at an especially high risk of cyber attacks. In all industries, hackers have begun targeting smaller organizations, because they tend to be less secure than their larger counterparts. And the health care field is no different, according to Verizon’s report, as most of the breaches in the study took place at facilities with 100 or fewer employees. Outpatient care facilities comprised the majority of those organizations.

How were these cyber attacks carried out? Some form of hacking and malware were each involved in nearly all (93%) of the breaches in the study. Specifically, attackers most often gained access to a health care organization’s data by:

  • Exploiting easily guessable or default passwords used to secure health IT systems (involved in 72% of breaches)
  • Installing malware to open a back door to the organization’s network (49%)
  • Exploiting command and control channels (49%)
  • Using brute force or dictionary attacks to guess passwords (20%)
  • Disabling or interfering with security controls (12%)
  • Stealing log-in information with spyware, keylogger or form-grabber software (12%)
  • Using malware to send data from the organization’s network to an external site (12%)
  • Using stolen log-in credentials (12%)

Although many reported IT security incidents involve lost or stolen laptops, storage drives or other devices, such losses accounted for just 2% of the breaches Verizon examined. That’s likely because those items are more often stolen for the value of the devices themselves, while the sensitive data they contain goes unused by the criminal.
