
The State of the Breach in Healthcare: A Look at 2017 So Far


As of last week, the Identity Theft Resource Center reported that in 2017 alone, there have been 238 total reported medical/healthcare organization breaches, accounting for 25% of total breaches across all industries.

Here are some more statistics related to why those breaches happened, as well as certain areas to focus on in order to stay secure.

Top 10 Healthcare Breaches of 2017

When categorized by number of records breached, 90% of the top 10 healthcare breaches of the year were due to a “hacking/IT incident.” Eight of the breaches involved hacking of network servers, resulting in 3.6 million affected individual patient records.

In the same dataset, more records were stolen as a result of hacking than from all other breach causes (which include physical theft, data disclosure, loss, etc.) combined, as an analysis by Bitglass revealed.

These breaches are listed on the U.S. Dept. of Health and Human Services’ Office for Civil Rights’ Breach Portal as part of the Health Information Technology for Economic and Clinical Health (HITECH) compliance stipulation that requires the agency to publicly list breaches affecting 500 individuals or more.

Healthcare Ranks Low in Security Performance

SecurityScorecard’s 2017 U.S. State and Federal Government Cybersecurity Report ranked the different industries according to “security performance” and found the healthcare industry ranking sixth lowest, in the bottom performers group.

When it comes to network security, web application security, patching cadence, social engineering and nearly every other category, healthcare was ranked in the bottom performers group.

Leaked Credentials

The report also took a closer look at all sensitive information exposed as part of a data breach or information leak/dump, mapping the information back to the companies that owned the data or associated email accounts connected to the information.

Once again, healthcare ranked in the bottom performers group for the leaked credentials category. Low performance in this category indicates that employees may be using corporate emails for non-work purposes, and passwords might be reused.

Protecting Against Known Vulnerabilities

Many malware attacks are successful because they exploit weaknesses found in older, unpatched versions of software. So, one of the best ways to ensure protection against these attacks is to patch and update your endpoints on a timely basis.

The Duo 2017 Trusted Access Report found that 76% of healthcare endpoints are running Windows 7, an older version of the Microsoft operating system. Another 3% (compared to a 1% overall average) are running XP, an operating system that Microsoft no longer updates with new security patches.

Across all browsers, plugins and operating systems, healthcare is less up to date than the overall average of all other industries, as revealed in the report. That could mean that healthcare is more susceptible to exploits and malware infection.

Endpoint security solutions can give you visibility into the security health of managed and unmanaged devices, giving you controls to keep risky devices out or prompt your users to update.

That Whole Ransomware Thing

The Solutionary Security Engineering Research Team (SERT) released a report last year that found that healthcare was the industry most targeted by ransomware, accounting for 88% of SERT's ransomware detections.

This is no big surprise, especially with the widespread and high-profile infections caused by the wormlike WannaCry ransomware in May, and the destructive NotPetya malware in June. While it was not the sole infection vector, WannaCry did use a known vulnerability, ETERNALBLUE, to infect Windows computers, install malware and spread itself to other connected machines.

And to protect against a successful exploitation of that vulnerability, you’ll need to patch your Windows machines by applying the MS17-010 update.