
Study Highlights Importance of Conducting Regular Malware Scans

Concentrating resources on improving protections for computer networks will make it harder for hackers to gain access to protected data; however, according to a report from Vectra Networks, there is a high probability hackers are already inside. In a recent security test, all computer networks analyzed showed some evidence of a targeted intrusion having already taken place.

Vectra analyzed the computer networks and endpoint devices of 40 enterprises, and each network was found to include some indicators of a targeted attack, regardless of the size of the network. Over a quarter of a million devices were analyzed by the network security company as part of the study.

Stages of a Malware Attack

Infection

The first stage involves infection of a PC or other device, using a targeted attack such as a spear phishing campaign or a more random means of spreading the malware, such as infecting websites. Once code has been downloaded onto a target machine, hackers can start to make changes to the system.

Command and Control

The first phase of the attack proper occurs when a foothold in a system has been gained. The malware starts to communicate, identifying an infected machine. Hackers can then start to carry out their objectives, such as inclusion of the PC in a botnet.

Reconnaissance

Often, botnets will be set up and malicious software installed, and hackers opt for lateral movement. This occurs in 34% of cases, according to the report. 13% of attacks involve searching the network for other targets. Network searches have increased by 4% year on year as hackers start to look for more ways to exploit the owners of the hardware.

Data Exfiltration

When data has been identified as valuable, the attacker moves to the final stage, data exfiltration: the most dangerous phase, in which data is stolen from the network. Once a channel is set up, all data stored on the computer could be copied automatically, without the user or IT department being aware.

Attackers Know Where to Hide to Avoid Detection

Hackers were found to have used a variety of security flaws to gain a foothold in computer systems. Once inside, they concentrate on setting up a secure network channel to send data out of the system without ringing alarm bells.

According to Wade Williamson, director of product marketing at Vectra Networks, “Once they get an exfiltration channel set it up, they can leave it open to steal data for a long while.”

Hackers know how and where to hide their activities. According to the report, hackers are mainly hiding activity in fake browser activity logs, newly-generated domains, the TOR network, and external remote access. Peer-to-peer file sharing networks are believed to be used only infrequently, as are hidden HTTPS tunnels; however, it is the latter that poses one of the biggest data security threats. Hidden HTTPS tunnels are very difficult to spot. Hackers often hide code inside text fields and headers that are not scanned by all anti-malware programs. Hackers have also found a way to hide code in PNG files and take advantage of encrypted traffic.

Still Time for Organizations to Act

While all systems showed signs of attack, not all were at the most critical stage, giving the organizations concerned time to take steps to remove the malware and improve security defenses. Only 3% of intrusions had reached the final exfiltration stage.

Healthcare providers and other covered entities not yet conducting regular malware scans are taking a considerable risk. Hackers could already be inside their networks stealing data on patients and employees. Only a regular and thorough anti-malware scan will identify unwanted programs before they can be activated by hackers and used to steal healthcare data.

The Study

The study was conducted on small organizations with fewer than 1,000 users, as well as large corporations with over 50,000 users. Each participant in the study received a scan of their system using Vectra’s software. Some test subjects were already clients of Vectra; others had not previously used the software.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
