Cyberattacks on Healthcare Institutions Shows No Signs of Slowing Down
This year has seen record high attacks against hospitals, most notably the ransomware attack that held Hollywood Presbyterian Medical Center hostage for over two weeks. Data stored within healthcare networks is a rising target for attackers on a global scale and has become the number one most attacked industry according to IBM Security.
A report published by TrapX Security shows the ongoing advanced persistent attacks, detected between late 2015 and early 2016. They focus specifically on attacks within the healthcare industry, and include analysis from three hospitals that were hit with an attack they have dubbed MEDJACK.2. This is an attack using a technique called repackaging, hackers have been able to mask “sophisticated attacks within old malware wrappers.”
This allows these old malware wrappers to “bypass modern endpoint solutions as the targeted vulerabilities have long since been closed at the operating system level.” Attackers can now create backdoors within these major healthcare facilities, and distribute their sophistitaced toolkits without ever generating an alert. Once installed, this malware can move laterally across the institution’s networks, and has the ability to exploit any information held within their systems.
Risks associated with MEDJACK.2 today on a global scale:
- Creates a backdoor within devices running Windows XP and Windows 7, which can be used to pillage patient data for extended periods of time.
- Can leave ransomware behind in its wake.
- Disguises itself as old malware, which is usually ignored by operating systems and cyber defense implementations.
- Has the potential to distort or change internal data on medical devices at an attacker’s command.
Cyberattacks are not going anywhere, and only seem to be increasing on an exponential level. Every industry, and as 2016 has presented thus far – specifically the healthcare industry, NEEDS to get serious about their cyber defense initiatives. As a first step, we recommend creating a budget dedicated to cyber security. This may seem like a daunting task, but has the potential of saving your organization millions of dollars if you were to come under attack (knock on wood!). Bringing aboard a security expert to your team to help you understand how to create this budget, as well as hiring security staff and security actions. Review disaster recovery plans to really see how your networks and more importantly, patient information will be impacted.
Connect with Secure Sense to protect data, your network, and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact Secure Sense by calling 866-999-7506.
You can find Secure Sense on Facebook, LinkedIn and Twitter. Follow us for current company and industry news.
[i&ii] Images provided by TrapX Security: