As of last week, the Identity Theft Resource Center reported that in 2017 alone, there have been 238 total reported medical/healthcare organization breaches, accounting for 25% of total breaches across all industries.
Here are some more statistics related to why those breaches happened, as well as certain areas to focus on in order to stay secure.
Top 10 Healthcare Breaches of 2017
When categorized by number of records breached, 90% of the top 10 healthcare breaches of the year were due to a “hacking/IT incident.” Eight of the breaches involved hacking of network servers, resulting in 3.6 million affected individual patient records.
From the same dataset, more records were stolen as a result of hacking than all other breach causes (which include physical theft, data disclosure, loss, etc.) combined, as an analysis by Bitglass revealed.
These breaches are listed on the U.S. Dept. of Health and Human Services’ Office for Civil Rights’ Breach Portal as part of the Health Information Technology for Economic and Clinical Health (HITECH) compliance stipulation that requires the agency to publicly list breaches affecting 500 individuals or more.
Healthcare Ranks Low in Security Performance
Based on SecurityScorecard’s 2017 U.S. State and Federal Government Cybersecurity Report, a ranking of industries by “security performance” placed healthcare sixth lowest, in the bottom performers group.
When it comes to network security, web application security, patching cadence, social engineering and nearly every other category, healthcare ranked in the bottom performers group.
The report also took a closer look at all sensitive information exposed as part of a data breach or information leak/dump, mapping the information back to the companies that owned the data or associated email accounts connected to the information.
Once again, healthcare ranked in the bottom performers group for the leaked credentials category. Low performance in this category indicates that employees may be using corporate email accounts for non-work purposes and that passwords may be reused.
Protecting Against Known Vulnerabilities
Many malware attacks are successful because they exploit weaknesses found in older, unpatched versions of software. So, one of the best ways to ensure protection against these attacks is to patch and update your endpoints on a timely basis.
During our data collection and analysis for The Duo 2017 Trusted Access Report, we found that 76% of healthcare endpoints are running Windows 7, an older version of the Microsoft operating system. Another 3% (compared to 1% overall average) are running XP, an operating system that is no longer updated with new security patches by Microsoft.
In general, we found that across browsers, plugins and operating systems, healthcare is less up to date than the overall average of all other industries. That suggests healthcare endpoints may be more susceptible to exploits and malware infection.
That Whole Ransomware Thing
The Solutionary Security Engineering Research Team (SERT) released a report last year that found that healthcare was the most targeted industry by ransomware, accounting for 88% of ransomware detections by the SERT team.
This is no big surprise, especially given the widespread and high-profile infections caused by the wormlike WannaCry ransomware in May and the destructive NotPetya malware in June. While not its sole infection vector, WannaCry used a known vulnerability, ETERNALBLUE, to infect Windows computers, install malware and spread itself to other connected machines.
To protect against successful exploitation of that vulnerability, patch your Windows machines by applying the MS17-010 update.
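As an added illustration of the patching advice above (not code from the original post or from Duo), the following script triages a constructed endpoint inventory: it reports operating-system share, separates hosts on an end-of-life OS (Windows XP, which the post notes no longer receives patches) from hosts that can simply be patched, and lists which supported hosts still lack MS17-010. The hostnames, inventory shape and the `Endpoint` record are assumptions for the example.

```python
from collections import Counter
from dataclasses import dataclass

# Operating systems that no longer receive security patches from the vendor.
# The post notes Windows XP is no longer updated by Microsoft; Windows 7 was still
# supported at the time of writing, so it is not listed here.
UNSUPPORTED_OS = {"Windows XP"}

# Security bulletins every supported Windows endpoint must have installed.
# MS17-010 is the update the post names for the ETERNALBLUE vulnerability used by WannaCry.
REQUIRED_BULLETINS = {"MS17-010"}


@dataclass(frozen=True)
class Endpoint:
    hostname: str
    os: str
    bulletins: frozenset  # security bulletins installed on the host, e.g. {"MS17-010"}


def triage(endpoints):
    """Summarise OS share, unsupported hosts and hosts missing required bulletins."""
    total = len(endpoints)
    os_share = Counter(e.os for e in endpoints)
    unsupported = sorted(e.hostname for e in endpoints if e.os in UNSUPPORTED_OS)
    missing = {}
    for e in endpoints:
        gap = REQUIRED_BULLETINS - e.bulletins
        # An end-of-life OS cannot be brought current by patching; it needs
        # replacement or isolation, so it is reported separately rather than here.
        if gap and e.os not in UNSUPPORTED_OS:
            missing[e.hostname] = sorted(gap)
    return {
        "os_share_pct": {os: round(100 * n / total, 1) for os, n in os_share.items()},
        "unsupported": unsupported,
        "missing_bulletins": missing,
    }


# Constructed sample inventory (hostnames are made up), shaped like a typical endpoint export.
SAMPLE_INVENTORY = [
    Endpoint("ws-radiology-01", "Windows 7", frozenset({"MS17-010"})),
    Endpoint("ws-radiology-02", "Windows 7", frozenset()),
    Endpoint("ws-frontdesk-01", "Windows 7", frozenset()),
    Endpoint("ws-lab-legacy", "Windows XP", frozenset()),
    Endpoint("ws-admin-01", "Windows 10", frozenset({"MS17-010"})),
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE_INVENTORY).items():
        print(f"{key}: {value}")
```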