The recent SANS-Norse Healthcare Cyberthreat report reveals that the networks and Internet-connected devices of organizations in virtually every healthcare category – from hospitals to insurance carriers to pharmaceutical companies – have been and continue to be compromised by successful attacks. A network compromise often leads to a data breach, potentially exposing the personally identifiable information of millions of consumers as well as the organization’s own intellectual property and billing systems. In addition, these compromised networks allow cybercriminals to use the organization’s network infrastructure and devices to launch attacks on other networks and to execute billions of dollars worth of fraudulent transactions.
The infographic shown illustrates these key findings.
The report reveals many findings and salient conclusions. Among the most alarming were the following:
- 49,917 unique events of a malicious nature took place within the healthcare IT environment during the period when intelligence was gathered; this was a small sample of the data gathered during that period.
- Networks and devices at 375 U.S.-based healthcare-related organizations were compromised during this period, and some of them are still compromised.
- Compromised devices included everything from radiology imaging software, to firewalls, to Web cameras, to mail servers.
- A significant number of compromises came about due to very basic issues such as not changing default credentials on firewalls.
All Providers Feel the Impact
Although many types of organizations were compromised, one type produced the majority of malicious traffic:
- Healthcare Providers – 72 percent of malicious traffic
- Healthcare Business Associates – 9.9 percent of malicious traffic
- Health Plans – 6.1 percent of malicious traffic
- Healthcare Clearinghouses – 0.5 percent of malicious traffic
- Pharmaceutical – 2.9 percent of malicious traffic
- Other Related healthcare entities – 8.5 percent of malicious traffic