Networks and devices at 375 organization were compromised in a period of one year
Norse and SANS have released a paper that focuses on the cyberattacks launched against US healthcare-related organizations over a one-year period. The study is based on data from Norse’s global threat intelligence platform.The figures show that during the study period – between September 2012 and October 2013 – close to 50,000 unique malicious events were identified. It’s worth noting that this represents only a small sample of the total volume of data gathered by Norse.
The networks and devices of 375 organizations were compromised and, unfortunately, some of them still haven’t cleaned up their systems.
The list of compromised devices includes firewalls, web cameras, mail servers and radiology imaging software. VPNs were the most targeted systems.
“This level of compromise and control could easily lead to a wide range of criminal activities that are currently not being detected,” said Senior SANS Analyst and Healthcare Specialist Barbara Filkins.
“For example, hackers can engage in widespread theft of patient information that includes everything from medical conditions to social security numbers to home addresses, and they can even manipulate medical devices used to administer critical care,” Filkins added.
“For many organizations governed by stringent regulations such as the Healthcare Insurance Portability and Accountability Act (HIPAA), compromises and breaches lead to massive fines. In 2013, fines ranged from $150,000 and went up to $1.7 million in the widely publicized WellPoint case,” the source explained.
Data collected by Norse shows that while most of the healthcare industry is targeted by cybercriminals, the majority of malicious traffic (72%) has been associated with healthcare providers. Healthcare business associates account for 9.9% of malicious traffic, health plans for 6.1%, healthcare clearinghouses for 0.5%, and pharmaceutical companies for 2.9%.
“What SANS and Norse have uncovered in this report is, in a word, alarming,” noted Sam Glines, CEO of Norse.
“The sheer number of attacks being perpetrated against healthcare organizations is overwhelming, while the defenses in place are not nearly enough to neutralize them. So although the healthcare industry continues to search for ways to protect its data, many organizations are still not able to properly safeguard critical data, and both companies and consumers are paying the price,” Glines stated.
On March 6, Norse and SANS will host a webinar on healthcare IT threats. The complete report is available on Norse’s website.