Malwarebytes Report Revealed Healthcare Threat Detections Increased by 45% in Q3 of 2019

A recently published Malwarebytes research revealed that the past year saw an increased occurrence and intensity of cyberattacks on healthcare organizations.

In the latest report entitled Cybercrime Tactics and Techniques: The 2019 State of Healthcare, Malwarebytes gives information about the major threats that have affected the healthcare sector last year and points out how cyber criminals penetrate the defenses of healthcare companies to access sensitive healthcare information.

The consequences of cyberattacks on healthcare companies can be severe. Several attacks this year have caused significant disruption to daily functions at hospitals usually causing delays in providing healthcare. In two cases, the cyberattacks resulted in permanent closure of the healthcare organizations. A recent study also showed the considerable harm that cyberattacks bring about on patients with the higher heart attack mortality rates.

Malwarebytes information indicated that the seventh most targeted industry field in the period of October 2018 to September 2019 is the healthcare industry. If the present attack trends keep going, it is probable that the healthcare industry would rank even higher next year.

Cybercriminals like to target healthcare companies because they keep a huge volume of priceless information in EHRs which oftentimes lack sophisticated security. Healthcare companies additionally have a sizeable attack surface to protect, including insecure networked devices. Considering the reasonably poor defenses and lucrative value of healthcare information on the black market, it is not surprising that cybercriminals heavily target the industry.

Identification of threats on healthcare endpoints increased from 14,000 detections in Q2 to 20,000 in Q3, a 45% in Q3 of 2019. Threat detections likewise went up by 60% in the first three quarters of 2019 in comparison to the year 2018.

Plenty of the threat detections in 2019 involved Trojans, particularly Emotet in the beginning 2019 and TrickBot in Q3. TrickBot is the major malware threat today in the healthcare sector. In general, Trojan detections increased by 82% in Q3 from Q2 of 2019. Attackers use Trojans to access sensitive information and install secondary malware payloads like the Ryuk ransomware. After stealing data, ransomware is typically deployed.

Trojan attacks often focus on industry areas having big numbers of endpoints and less advanced security models, for instance education, healthcare and the government. Trojans are mainly propagated by means of social engineering and phishing attacks, exploitation of vulnerabilities on unpatched systems and system setting errors. Trojans are undoubtedly the biggest menace, however detections of hijackers also increased by 98% in Q3, riskware detections went up by 85%, adware detections went up by 34%, and ransomware detections went up by 15%.

According to Malwarebytes, the three primary attack vectors that were taken advantage of in most of the attacks on the healthcare sector last year are phishing, third-party supplier vulnerabilities and negligence.

Because of the big number of email communications among healthcare companies, doctors, and employees, email is a major attack vector and common phishing attack target. Email accounts additionally consist of a sizeable amount of sensitive information, which could be accessed subsequent to phishing email response. These attacks are straightforward requiring no code or hacking expertise. Stopping phishing attacks is a major challenge confronting healthcare organizations.

The extended usage of legacy systems, which are normally unsupported, likewise make attacks way too easy. Sadly, upgrading those systems is complicated and costly and certain equipment and devices are not upgradable. The problem will probably worsen when support for Windows 7 ends in January 2020. Malwarebytes continues to detect WannaCry ransomware infections because of the slow rate of patching in the healthcare sector. A lot of organizations have not yet patched the SMB vulnerability of WannaCry exploits, even with the availability of a patch since March 2017.

Negligence is likewise a critical issue, often due to the inability to prioritize cybersecurity in all organization levels and give suitable employee training on cybersecurity. Malwarebytes remarks that investment in cybersecurity has increased, but it frequently doesn’t include getting new IT personnel and giving training on security awareness.

Cyberattacks will continue and the healthcare sector will encounter more data breaches if

  • unsupported legacy systems stay unpatched
  • IT departments do not have the proper resources to deal with vulnerabilities
  • end users do not receive cybersecurity training

The situation might become worse before things get better. Malwarebytes cautions that new improvements like cloud-based biometrics, breakthroughs in prosthetics, genetic research and a growth in the usage of IoT devices for gathering healthcare data will increase the attack surface further. That is going to make it even more difficult for healthcare organizations to stop cyberattacks. It is important to have security integrated into the design and implementation of cutting edge technologies or vulnerabilities will be identified and taken advantage of.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at