Volume of Healthcare Threats, Especially Trojan Malware, Is Expanding

A new report by a security vendor says that it has seen a big increase in the volume of threats against healthcare organizations during the first three quarters of this year.

The report, by Malwarebytes, says that it saw a 60% increase in threats at healthcare organizations when comparing all of 2018 with just the first three quarters of 2019.

It begins by stating the obvious, which is that due to a mix of aging infrastructure, modest IT budgets and a wealth of personally identifiable information, healthcare organizations are attractive targets for cybercriminals. Healthcare is the seventh-most targeted industry by cyberattackers, with education and manufacturing topping the list.

Top attack methods for breaching healthcare networks last year included exploiting vulnerabilities in third-party vendor software such as medical management apps or custom software developed by hospitals and medical practices; exploiting weaknesses such as staff negligence, user error and failure to patch software on a timely basis; and using social engineering methods like phishing and spear-phishing emails to deliver malicious attachments and links.

It found that the major threat to healthcare companies is Trojan malware, which increased by 82% in Q3 2019 over the previous quarter, with Emotet and TrickBot standing out as the most dangerous Trojans of 2018 – 2019.

Malwarebytes names TrickBot as the biggest threat to the healthcare industry. TrickBot emerged as a banking Trojan, but it’s gone far beyond its origins by this point, and as of mid-2019, was thought to have compromised more than 250 million email accounts.

The vendor also found that healthcare endpoint detections have grown 45%, from 14,000 in Q2 2019 to more than 20,000 in Q3 2019.

The report suggests that if the healthcare industry hopes to protect itself more effectively from cyberattackers, it will need to take a number of steps. These include upgrading from aging legacy systems; hiring IT personnel capable of managing their servers, endpoints and network; investing in staff training on cybersecurity awareness; segmenting their networks to create a barrier between private health data and unauthorized parties; and locking down third-party apps.

In looking at the future, meanwhile, the report reminds readers of the emerging threat posed by the use of Internet of Things technology and the implementation of BYOD policies across the healthcare industry.

It contends that these devices can be considered “inherently insecure” because they are often created by developers not trained in creating secure code, don’t have security baked into their design, may not be protected by security software because they are deeply specialized and aren’t protected by network or endpoint security.

About the author

Anne Zieger

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.