A new report reveals that the healthcare sector is four times more likely to suffer advanced malware attacks than is any other industry.
Raytheon|Websense, a security firm dedicated to protecting organizations against targeted attacks and data theft, recently announced the publication of 2015 Industry Drill-Down Report – Healthcare. In it, Websense explains why healthcare has experienced a surge in attacks in recent years:
“The rapid digitization of the healthcare industry, when combined with the value of the data at hand, has lead to a massive increase in the number of targeted attacks against the sector,” said Carl Leonard, Raytheon|Websense principal security analyst. “While the finance and retail sectors have long honed their cyber defenses, our research illustrates that healthcare organizations must quickly advance their security posture to meet the challenges inherent in the digital economy – before it becomes the primary source of stolen personal information.”
Personally identifiable information (PII) generally sells for $1USD per record on the black market–a paltry sum when some estimates place the average value of personal health information (PHI) at between $20USD and $70USD. Some health records are even more lucrative in underground markets: a report released by BitSight references a recent report by NPR’s “All Things Considered” which found a “value pack” of just 10 Medicare numbers that sold for about $4,700.
As a result of these figures, Raytheon|Websense found in its report that the healthcare industry sees 340 percent more security incidents and attacks than any other industry, which therefore makes the sector as a whole more vulnerable to data theft.
Other significant findings of the report include:
- The healthcare industry is four times more likely to experience advanced malware attacks, which includes threats such as Cryptowall ransomware and Dyre malware. In fact, one in every 600 attacks directed against the sector is thought to incorporate some variant of advanced malware.
- Phishing attacks are 74% more likely to affect healthcare organizations than those in other sectors.
The Raytheon|Websense report is consistent with data from the US Identity Theft Resource Center, which found that medical/healthcare accounted for the biggest number of reported breaches in 2014 at 42.5%.
To read the full Raytheon|Websense report, please click here.