Healthcare – The Next Major Cyber Attack Target

Posted: April 5, 2013 in Malware, Prevention, Security Governance, Security Program Development, Threats
Tags: ,

With all the healthcare industry regulations around data leakage there has been a decent effort put in place to protect individual records, however the healthcare organizations are still struggling to get this under control from both a physical and cyber perspective.

Even though the medical industry is still battling to protect sensitive records they are facing another more persistent problem.  These organizations are under attack because the adversary wants to understand the underlying business practices and to obtain important intellectual property. With the aging population and billions of dollars spent on research and development for drugs, these organizations have a good deal of market cap to lose.

The recent FireEye report shows that although Healthcare is not the top malware candidate it is continually targeted by these attacks.  Also notice that the energy sector which has been heavily targeted in the past few years is tracking less than the healthcare industry.

FireEye Stats

http://www2.fireeye.com/WEB2012ATR2H_advanced-threat-report-2h2012.html

 

To understand the extent of the threat another posting was released on March 14 titled “Medical Industry Under Attack by Chinese Hackers”.  Here is one of the key quotes from this article.

“Healthcare is listed as one of China’s priorities in its 15-year science and technology development strategy for 2006 to 2020“

“Many of these victims have technology or drugs that are a monopoly. If you are the first to market with some great new technology breakthrough or drug, and you get a profit from that research … it would definitely be an issue for the Chinese to target some of these“

http://www.darkreading.com/threat-intelligence/167901121/security/attacks-breaches/240150858/medical-industry-under-attack-by-chinese-hackers.html

 

As recent as March 20th an article in The Daily Briefing was posted stating:

“Rich Barger—chief intelligence officer for CyberSquared, a data security company—said his firm can confirm that at least three Chinese advanced persistent threat groups, or APT groups, have targeted medical organizations.”

http://www.advisory.com/Daily-Briefing/2013/03/20/Hackers-target-medical-organizations

 

As you can see the industry is definitely under attack and many healthcare organizations are more than likely compromised.  The unfortunate problem is that these companies are spending all their security money to focus on the leakage of personal and medical records, but they are still implementing the wrong controls to protect against a threat that impacts their entire business model.

If the healthcare industry does not shift its current security strategy and prioritize its spending on the right prevention controls then their data and business models will be complexly assimilated in the next decade.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s