Report: Cyber Attackers Using Simple Tactics, Tools to Target Healthcare, Other Industries | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Report: Cyber Attackers Using Simple Tactics, Tools to Target Healthcare, Other Industries

April 26, 2017
by Heather Landi
| Reprints

The number of reported breach incidents in healthcare grew by 22 percent in 2016 from 269 breach incidents in 2015 to 328 last year, according to Symantec’s 2017 Internet Security Threat Report (ISTR).

Further, Symantec’s analysis found that the number of total breached records decreased significantly from 113.3 million (2015) to 16.7 million (2016). “The major difference is that in 2015 we saw six large breaches (over 1 million records), as compared to only three in 2016,” the report authors stated.

The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act (ARRA) of 2009, established mandatory breach reporting for so-called HIPAA Covered Entities (CEs), which includes healthcare providers, health plans, as well as their business associates. Breaches over 500 records need to be reported within 60 days of discovery and are published by Health and Human Services (HHS) on the so-called “Wall of Shame”. This provides a wealth of information about the nature of health data breaches as well as trends.

The Symantec ISTR provides an analysis of the past year in global threat activity, including emerging trends in attacks, malicious code activity, phishing, and spam. 

Overall, the report found that cyber attackers revealed new levels of ambition in 2016, “a year marked by extraordinary attacks, including multi-million dollar virtual bank heists, overt attempts to disrupt the US electoral process by state-sponsored groups, and some of the biggest distributed denial of service (DDoS) attacks on record powered by a botnet of Internet of Things (IoT) devices.”

And the report authors noted that while cyber attacks managed to cause unprecedented levels of disruption, attackers frequently used “very simple tools and tactics to make a big impact.” Zero-day vulnerabilities and sophisticated malware now tend to be used sparingly and attackers are increasingly attempting to hide in plain sight, the authors stated. “They rely on straightforward approaches, such as spear-phishing emails and “living off the land” by using whatever tools are on hand, such as legitimate network administration software and operating system features,” the authors wrote.

Further, the authors said that Mirai, the botnet behind a wave of major DDoS attacks, was primarily composed of infected routers and security cameras, low-powered and poorly secured devices. “In the wrong hands, even relatively benign devices and software can be used to devastating effect,” the authors wrote.

The Symantec report also found, based on data provided by cyber insurance data analytics services companies, that healthcare contributed to the second highest number of security incidents in the services sector in 2016. The services sector had 452 security incidents in 2016, or 44 percent of all incidents last year. Of those 452 incidents, 115 of those incidents were attributed to the healthcare sub-sector, of 11 percent of all incidents, according to the Symantec report.

The Symantec report outlines a number of security trends with healthcare, such as indications of more planned and targeted attacks. Further, according to the report, email-delivered ransomware significantly increased in 2016, leading to the loss of data, shutdown of services, or payment of ransom to restore services.

Specifically, looking at email as an attack vector for distribution of spam and malware as well as the execution of phishing attacks, the report authors found that Health Services is in line (spam) or even lower (phishing, malware) than the cross-industry averages. “However, this does not mean that healthcare had a better year than other industries. In fact, healthcare organizations were also victims of the increase in email-borne ransomware. Once the underground criminals understood that there was easy money to be made in healthcare, the industry experienced a dramatic increase of attacks over the previous year, leading to loss of data, shutdown of services, or payment of ransom to restore services,” the report authors wrote.

Further, the authors note that healthcare tends to have a lower security posture and with patient health at stake, pressure to restore data and services is high. “This is understood by hackers and has resulted in a number of high-profile ransom incidents in the US and abroad. Guidance on how to prevent and deal with a ransomware attack has been provided, including specific advice for the healthcare industry,” the report authors wrote.



Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



ONC Roundup: Senior Leadership Changes Spark Questions

The Office of the National Coordinator for Health IT (ONC) has continued to experience changes within its upper leadership, leading some folks to again ponder what the health IT agency’s role will be moving forward.

Media Report: Walmart Hires Former Humana Executive to Run Health Unit

Reigniting speculation that Walmart and insurer Humana are exploring ways to forge a closer partnership, Walmart Inc. has hired a Humana veteran to run its health care business, according to a report from Bloomberg.

Value-Based Care Shift Has Halted, Study Finds

A new study of 451 physicians and health plan executives suggests that progress toward value-based care has stalled. In fact, it may have even taken a step backward over the past year, the research revealed.

Study: EHRs Tied with Lower Hospital Mortality, But Only After Systems Have Matured

Over the past decade, there has been significant national investment in electronic health record (EHR) systems at U.S. hospitals, which was expected to result in improved quality and efficiency of care. However, evidence linking EHR adoption to better care is mixed, according to medical researchers.

Nursing Notes Can Help Predict ICU Survival, Study Finds

Researchers at the University of Waterloo in Ontario have found that sentiments in healthcare providers’ nursing notes can be good indicators of whether intensive care unit (ICU) patients will survive.

Health Catalyst Completes Acquisition of HIE Technology Company Medicity

Salt Lake City-based Health Catalyst, a data analytics company, has completed its acquisition of Medicity, a developer of health information exchange (HIE) technology, and the deal adds data exchange capabilities to Health Catalyst’s data, analytics and decision support solutions.