Raytheon Websense report says healthcare organisations see 340% more security incidents and attacks than the average
Data thieves are making healthcare organisations some of their prime targets due to the high value of patient information on the black market, according to a new report on cyber attacks.
Published by cyber security company Raytheon Websense, the Healthcare Drill-Down Report says that healthcare services around the world are registering 340% more security incidents than the average for an industry.
Cyber criminals are aiming to exploit the increase in the number and detail of electronic health records, and the spread of networks that is providing an enormous attack surface.
The report is based on the company’s analysis of security telemetry feeds from healthcare organisations. It says that the UK, along with France, Germany, the US, Australia and Romania, has been in the firing line for the latest run of attacks.
Much of the recent activity has involved Cryptowall, malware that uses public key cryptography to encrypt certain types of files stored on local and mounted network drives, and Dyre, a trojan that can obtain data when it infiltrates systems.
Carl Leonard, principal security analyst at Raytheon Websense, said: “The rapid digitisation of the healthcare industry, when combined with the value of the data at hand, has led to a massive increase in the number of targeted attacks against the sector.
“While the finance and retail sectors have long honed their cyber defences, our research illustrates that healthcare organisations must quickly advance their security posture to meet the challenges inherent in the digital economy – before it becomes the primary source of stolen personal information.”
While it does not provide further detail on the attacks with UK targets, the report cites the Information Commissioner’s Office (ICO) claim that NHS organisations have been among the worst at protecting data, even though they hold some of the most sensitive information available. Up to February 2015 it had levied fines totalling more than £1 million on healthcare bodies for failing to adequately protect data.
In February the ICO was given the power to carry out compulsory audits on healthcare authorities to test their compliance with the Data Protection Act. In recent months it has sanctioned NHS bodies for failures in handling paper documents rather than in safeguarding IT systems.
Image: Electronic Frontier Foundation graphic, Creative Commons Attribution 3.0 through Wikimedia.