The team at Malwarebytes Labs is at it again, this time with a special edition of our quarterly CTNT report—Cybercrime tactics and techniques: the 2019 state of healthcare. Over the last year, we gathered global data from our product telemetry, honeypots, threat intelligence, and research efforts, focusing on the top threat categories and families that plagued the medical industry, as well as the most common attack vectors used by cybercriminals to penetrate healthcare defenses.
What we found is that healthcare-targeted cybercrime is a growing sector, with threats increasing in volume and severity while highly valuable patient data remains unguarded. With unsecured electronic healthcare records (EHRs) spread over a broad attack surface, cybercriminals are cashing in on industry negligence, exploiting vulnerabilities in unpatched legacy software and social engineering unaware hospital staff into opening malicious emails—inviting infections into the very halls constructed to beat them.
Our report explores the security challenges inherent to all healthcare organizations, from small private practices to enterprise HMOs, as well as the devastating consequences of criminal infiltration on patient care. Finally, we look ahead to innovations in biotech and the need to consider security in their design and implementation.
Key takeaways: the 2019 state of healthcare
Some of the key takeaways from our report:
- The medical sector is currently ranked as the seventh-most targeted global industry according to Malwarebytes telemetry gathered from October 2018 through September 2019.
- Threat detections have increased for this vertical from about 14,000 healthcare-facing endpoint detections in Q2 2019 to more than 20,000 in Q3, a growth rate of 45 percent.
- The medical industry is overwhelmingly targeted by Trojan malware, which increased by 82 percent in Q3 2019 over the previous quarter.
- While Emotet detections surged at the beginning of 2019, TrickBot took over in the second half as the number one threat to healthcare today.
- The healthcare industry is a target for cybercriminals for several reasons, including its large databases of EHRs, lack of a sophisticated security model, and high number of endpoints and other devices connected to the network.
- Consequences of a breach for the medical industry far outweigh those for any other organization, as stolen or modified patient data can put a stop to critical procedures, and devices locked out due to a ransomware attack can result in halted operations—and sometimes even patient death.
- Innovations in biotech, including cloud-based biometrics, genetic research, and even advances in prosthetics, could broaden the attack surface on healthcare and result in far-reaching, dire outcomes if security isn't baked into their design and implementation.
To learn more about the cyberthreats facing healthcare and our recommendations for improving the industry's security posture, read the full report:
Cybercrime tactics and techniques: the 2019 state of healthcare