Report: Cyber Attackers Using Simple Tactics, Tools to Target Healthcare, Other Industries | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Report: Cyber Attackers Using Simple Tactics, Tools to Target Healthcare, Other Industries

April 26, 2017
by Heather Landi
| Reprints

The number of reported breach incidents in healthcare grew by 22 percent in 2016 from 269 breach incidents in 2015 to 328 last year, according to Symantec’s 2017 Internet Security Threat Report (ISTR).

Further, Symantec’s analysis found that the number of total breached records decreased significantly from 113.3 million (2015) to 16.7 million (2016). “The major difference is that in 2015 we saw six large breaches (over 1 million records), as compared to only three in 2016,” the report authors stated.

The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act (ARRA) of 2009, established mandatory breach reporting for so-called HIPAA Covered Entities (CEs), which includes healthcare providers, health plans, as well as their business associates. Breaches over 500 records need to be reported within 60 days of discovery and are published by Health and Human Services (HHS) on the so-called “Wall of Shame”. This provides a wealth of information about the nature of health data breaches as well as trends.

The Symantec ISTR provides an analysis of the past year in global threat activity, including emerging trends in attacks, malicious code activity, phishing, and spam. 

Overall, the report found that cyber attackers revealed new levels of ambition in 2016, “a year marked by extraordinary attacks, including multi-million dollar virtual bank heists, overt attempts to disrupt the US electoral process by state-sponsored groups, and some of the biggest distributed denial of service (DDoS) attacks on record powered by a botnet of Internet of Things (IoT) devices.”

And the report authors noted that while cyber attacks managed to cause unprecedented levels of disruption, attackers frequently used “very simple tools and tactics to make a big impact.” Zero-day vulnerabilities and sophisticated malware now tend to be used sparingly and attackers are increasingly attempting to hide in plain sight, the authors stated. “They rely on straightforward approaches, such as spear-phishing emails and “living off the land” by using whatever tools are on hand, such as legitimate network administration software and operating system features,” the authors wrote.

Further, the authors said that Mirai, the botnet behind a wave of major DDoS attacks, was primarily composed of infected routers and security cameras, low-powered and poorly secured devices. “In the wrong hands, even relatively benign devices and software can be used to devastating effect,” the authors wrote.

The Symantec report also found, based on data provided by cyber insurance data analytics services companies, that healthcare contributed to the second highest number of security incidents in the services sector in 2016. The services sector had 452 security incidents in 2016, or 44 percent of all incidents last year. Of those 452 incidents, 115 of those incidents were attributed to the healthcare sub-sector, of 11 percent of all incidents, according to the Symantec report.

The Symantec report outlines a number of security trends with healthcare, such as indications of more planned and targeted attacks. Further, according to the report, email-delivered ransomware significantly increased in 2016, leading to the loss of data, shutdown of services, or payment of ransom to restore services.

Specifically, looking at email as an attack vector for distribution of spam and malware as well as the execution of phishing attacks, the report authors found that Health Services is in line (spam) or even lower (phishing, malware) than the cross-industry averages. “However, this does not mean that healthcare had a better year than other industries. In fact, healthcare organizations were also victims of the increase in email-borne ransomware. Once the underground criminals understood that there was easy money to be made in healthcare, the industry experienced a dramatic increase of attacks over the previous year, leading to loss of data, shutdown of services, or payment of ransom to restore services,” the report authors wrote.

Further, the authors note that healthcare tends to have a lower security posture and with patient health at stake, pressure to restore data and services is high. “This is understood by hackers and has resulted in a number of high-profile ransom incidents in the US and abroad. Guidance on how to prevent and deal with a ransomware attack has been provided, including specific advice for the healthcare industry,” the report authors wrote.



Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Survey: Infrastructure, Interoperability Key Barriers to Global HIT Development

A new survey report from Black Book Research on global healthcare IT adoption and records systems connectivity finds nations in various phases of regional electronic health record (EHR) adoption. The survey results also reveal rapidly advancing opportunities for U.S.-based and local technology vendors.

Penn Medicine Opens Up Telehealth Hub

Philadelphia-based Penn Medicine has opened its Center for Connected Care to centralize the health system’s telemedicine activities.

Roche to Pay $1.9B for Flatiron Health

Switzerland-based pharmaceutical company Roche has agreed to pay $1.9 billion to buy New York-based Flatiron Health Inc., which has both an oncology EHR and data analytics platform.

Financial Exec Survey: Interoperability Key Obstacle to Value-Based Payment Models

Momentum continues to grow for value-based care as nearly three-quarters of healthcare executives report their organizations have achieved positive financial results from value-based payment programs, to date, according to a new study from the Healthcare Financial Management Association (HFMA).

Cerner, Children's National to Help UAE Pediatric Center with Health IT

Al Jalila Children's Specialty Hospital, the only pediatric hospital in the United Arab Emirates, has entered into an agreement with Washington, D.C.-based Children's National Health System to form a health IT strategic partnership.

Telemedicine Association Names New CEO

The American Telemedicine Association (ATA) has named Ann Mond Johnson its new CEO, replacing Jon Linkous who stepped down suddenly last August after 24 years as the organization’s CEO.