IBM Security: Healthcare Cyber Attacks Prevalent, but Less Records Breached in ’16 | Healthcare Informatics Magazine

March 29, 2017
by Rajiv Leventhal
The report, comprised of observations from more than 8,000 monitored security clients in 100 countries and data derived from non-customer assets, found that healthcare cyber attackers are focusing on smaller targets

A new report from IBM Security found that healthcare—not too long ago the most attacked industry by cyber criminals—fell out of the top five of most breached industries.

The results from the 2017 IBM X-Force Threat Intelligence Index found the number of records compromised across all industries grew a historic 566 percent in 2016, from 600 million to more than 4 billion. These leaked records include data cybercriminals have traditionally targeted, like credit cards, passwords and personal health information, but IBM X-Force also noted a shift in cybercriminal strategies. In 2016, a number of significant breaches involved unstructured data such as email archives, business documents, intellectual property and source code.

In 2015, healthcare was the most attacked industry, with financial services falling to third; however, attackers in 2016 refocused on financial services. While financial services was targeted the most by cyber attacks last year, data from the X-Force report showed it was only third in compromised records. The lower success rate versus the high volume of attacks in financial services indicates that continued investment in sustained security practices likely helped protect financial institutions.

What’s more, the healthcare industry continued to be beset by a high number of incidents, although attackers focused on smaller targets, resulting in a lower number of leaked records. In 2016, only 12 million records were compromised in healthcare, keeping it out of the top five most-breached industries. For perspective, nearly 100 million healthcare records were compromised in 2015, which makes the 2016 figure an 88 percent drop.

The IBM X-Force Threat Intelligence Index is comprised of observations from more than 8,000 monitored security clients in 100 countries and data derived from non-customer assets such as spam sensors and honeynets in 2016. IBM X-Force runs network traps around the world and monitors more than eight million spam and phishing attacks daily while analyzing more than 37 billion web pages and images.

As such, it should be noted that the X-Force report observes its clients, not necessarily all U.S.-based healthcare organizations, from which most cybersecurity statistics are drawn. Indeed, a year-in-review Breach Barometer report from Protenus painted a starker picture: 2016 averaged at least one health data breach per day, affecting more than 27 million patient records, Protenus found.

Information and communication services companies (3.4 billion records leaked and 85 breaches/incidents) and government (398 million records leaked and 39 breaches/incidents) experienced the highest number of incidents and records breached in 2016.

“Cybercriminals continued to innovate in 2016 as we saw techniques like ransomware move from a nuisance to an epidemic,” Caleb Barlow, vice president of threat intelligence, IBM Security, said in a statement. “While the volume of records compromised last year reached historic highs, we see this shift to unstructured data as a seminal moment. The value of structured data to cybercriminals is beginning to wane as the supply outstrips the demand. Unstructured data is big-game hunting for hackers and we expect to see them monetize it this year in new ways.”

In a separate study last year, IBM Security found 70 percent of businesses impacted by ransomware paid over $10,000 to regain access to business data and systems. In the first three months of 2016, the FBI estimated cybercriminals were paid a reported $209 million via ransomware. This would put criminals on pace to make nearly $1 billion from their use of the malware just last year.

The promise of profits and businesses' increasing willingness to pay empowered cybercriminals to double down on ransomware in 2016. The primary delivery method for ransomware is via malicious attachments in spam emails. This fueled a 400 percent increase in spam year over year, with roughly 44 percent of spam containing malicious attachments. Ransomware made up 85 percent of those malicious attachments in 2016.

Overall, the average IBM monitored security client organization experienced more than 54 million security events in 2016—only three percent more events than 2015. This was marked by a 12 percent decrease year-over-year in attacks. As security systems are further tuned and new innovations like cognitive systems grow, the number of incidents overall dropped 48 percent in 2016.
