According to security researchers, cyber threats against healthcare continue to increase. As per Malwarebytes' Cybercrime Tactics and techniques: the 2019 state of healthcare report, researchers collected the data on the top threat categories and families that cause trouble to the medical industry. As part of the study, researchers also collected information on some of the most common attacks on healthcare defences.
Researchers found that healthcare-targeted cybercrime is a growing sector. The volume and severity of these threats are also increasing. And at the same time, security and privacy concerns of patient's data remain doubtful. Cybercriminals use industry negligence and exploiting vulnerabilities in unpatched legacy software to their benefits. Lack of cybersafety awareness among hospital staff leads to opening malicious emails further infecting hospital systems.
"Our report explores the security challenges inherent to all healthcare organisations, from small private practices to enterprise HMOs, as well as the devastating consequences of criminal infiltration on patient care. Finally, we look ahead to innovations in biotech and the need to consider security in their design and implementation," Malwarebytes said in its blog post.
-- The medical industry is currently ranked as the seventh-most targeted global industry, according to data gathered from October 2018 through September 2019.
-- Cyberattacks on healthcare have increased 45 per cent. Detection from 14,000 healthcare-facing endpoints from Q2 2019 increased to over 20,000 in Q3.
-- Trojan malware targets the medical industry the most. Trojan malware attack on the health care industry increased by 82 per cent in Q3 2019 over the previous quarter.
"The healthcare industry is a target for cybercriminals for several reasons, including their large databases of EHRs, lack of sophisticated security model, and high number of endpoints and other devices connected to the network," MalwareBytes added.
Consequences of a data breach or cyber threats on the medical industry could be severe: Critical processes can be put on hold and devices locked out due to ransomware attack can result in even a patient's death. Recently, a study found a direct link between the lack of cybersecurity measures at hospitals resulting in data breaches and ransomware incidents and an increase in the number of heart patients losing their lives.