Share this article on:
Trend Micro has issued a new report that explores the healthcare industry threat landscape, the new risks that have been introduced by the inclusion of a swathe of IoT devices, and how cybercriminals are stealing and monetizing health data.
Cybercriminals are attacking healthcare organizations with increased vigor. More attacks occurred last year than any other year, while 2015 saw a massive increase in stolen healthcare records.
While the health data of patients is an attractive target, health records are not always being sold for big bucks on underground marketplaces. Health insurance cards can cost as little as $1, while EHR records start at around $5 per record set.
However, cybercriminals are now increasing their profits by processing and packaging the stolen data. Data are used to obtain government-issued iDs such as driver’s licenses, passwords and birth certificates. Farmed identities of individuals who have died are being sold, which can see prices of more than $1,000 charged per identity, or even more if IDs are also supplied. A large haul of health data from an EHR system can see cybercriminals make considerable sums, so it is therefore no surprise that healthcare organizations and their EHR systems are being targeted.
The report provides insights into the healthcare industry threat landscape and shows how healthcare organizations are allowing chinks to develop in their cybersecurity armor.
For the report, Trend Micro performed a scan of connected healthcare devices via the search engine Shodan, which revealed how visible healthcare networks are via the Internet and how easy it is for cybercriminals to identify targets.
Shodan can be used by anyone with an Internet connection. The search engine returns details of Internet connected systems such as EHRs, along with medical equipment, appliances, printers and copiers together with the names of the organizations that own the devices.
Hackers can use Shodan to find devices and try to login using default passwords. Default passwords for those devices are freely accessible online. Even when passwords are changed, they are often replaced with weak passwords that can easily be guessed. Once access has been gained, the device can be used as a launch pad for an attack on other parts of the network. Alternatively, the devices can be reconfigured to record information that can be used in further attacks.
The Shodan scan revealed 36,116 healthcare-related records. Trend Micro reports that out of those records, “6,502 originated from the top 10 U.S. cities with exposed healthcare facilities.” The main cities with exposed healthcare facilities were Bethesda, Collegeville, Houston, Portland, and Phoenix, each of those cities accounted for between 10% and 18% of exposed healthcare facilities.
Many of the exposed healthcare organizations were also using out of date and unsupported operating systems such as Windows Server 2008 R2 and Windows XP. The search also revealed that 1,067 healthcare organizations had out of date security certificates.
Trend Micro discovered patch management failures were allowing vulnerabilities to remain unaddressed. 10 devices were discovered that had not been patched to protect against the Heartbleed vulnerability, even though the vulnerability was discovered and patched over two years ago.
Healthcare organizations can spend money on advanced cybersecurity protections, but it is essential that basic cybersecurity controls are not missed.
Given the value of healthcare data and the ease at which potentially vulnerable devices can be found, healthcare organizations must ensure that their networks are made more secure. At the very least, default passwords should be changed on all devices with strong passwords set. Patch management policies must cover all devices, and plans should be put in place to upgrade all devices that are still running on unsupported software.
Trend Micro’s report, Cybercrime and other Threats Faced by the Healthcare Industry, can be found on this link.