Hackers are generally assumed to be going after bank account numbers or financial institutions. But a recent study from cybersecurity firm IntSights shows hackers are now taking aim at healthcare institutions for lucrative information to steal.
IntSight’s new research report “Chronic [Cyber] Pain: Exposed & Misconfigured Databases in the Healthcare Industry” points out what methods cybercriminals are using and what healthcare organizations can do to protect themselves.
Hackers Moving on From Financial Institutions
IntSight chief security officer Etay Maor emphasized on the fears some security experts have about a new wave of cybercriminals who are focusing their efforts on healthcare institutions with soft security measures.
The healthcare industry has historically not had as robust security as the financial industry, which is a common target. But once cybercriminals started noticing that financial institutions are a tough nut to crack, they found that healthcare to be useful for all kinds of attacks.
In many cases, hospitals and clinics have mechanisms which are harder to maintain because many rely on legacy software with limited security protections. On the contrary financial institutions have rapidly evolved to mitigate efforts by hackers to steal money and information. Healthcare organizations still work on old browsers and usually do not update both software or hardware.
Hospital systems using older versions of browsers makes entire networks vulnerable to cybercriminals. Hackers have realized loads of valuable data exist locked behind these vulnerable security systems.
The report mentions that hackers look for SSNs, addresses, and phone numbers to create fake accounts with and access the systems.
How Hackers Benefit from the Data?
Healthcare data is extremely valuable as there’s so much information that can be used for all kinds of things. A cybercriminal can steal a credit card. If one can steal a patient’s data, it can be used to do insurance fraud, account takeover, or financial fraud. A hacker can create static IDs or order drugs. That’s the reason why credit cards on the dark web sell for $1, and healthcare information or patient data goes for $50.
According to Maor, one of the most worrying trends recently is that cybercriminals are selling administrative access to healthcare systems. Administrator access to backend systems allows access to different assets, databases, and information, enabling the attacker to swiftly steal, alter, or corrupt the data. The consequences are potentially devastating for those afflicted, from both an organizational and individualistic perspective.
This makes it even more difficult for security systems to stop attacks because administrators have control over the entire system and can give system-wide access to other users. They control the database and do updates.
If someone were to steal the login credentials of a doctor or a secretary, a properly functioning security system would raise security alarms because those accounts should not be accessing certain parts of the system. But no warning signals are issued for administrative accounts.
According to the IntSight’s report, one can buy admin access to healthcare portals on the dark web for at least $400.
Healthcare professionals are taking a holistic approach to security. Continued investment in and development of refined security initiatives is essential to protect the extremely sensitive data healthcare organizations manage.