Security firm Wandera illustrated the scope and size of healthcare data breaches in a new report about cybersecurity in the healthcare industry.
Image: Wandera

Cloud-first security firm Wandera reports that malicious network traffic is the highest cybersecurity risk for hospitals and other healthcare providers and affects 72% of all organizations. This security threat establishes network access from an app to a web service that is known to demonstrate malicious behavior, such as downloading unauthorized software and gathering sensitive data.

The new report, “Cybersecurity in the Healthcare Industry,” ranked phishing and outdated operating systems as the other top risks. A recent Verizon report found that a majority of healthcare organizations are relying more on cloud storage and predict that within five years most users will access this data via mobile devices. These trends combined with an increase in cyber attacks make securing health data more important than ever. Cybercriminals are going after hospital data more frequently because healthcare records are worth more on the black market than Social Security numbers and credit card information.

SEE: Identity theft protection policy (TechRepublic Premium)

Wandera analysts looked at a subset of healthcare organizations in the company’s database which includes tens of thousands of users such as hospital workers, hospice care providers, and medical equipment manufacturers. The report analyzed the most common security threats among employees and categorized the risks into high, medium, and low risk.

The highest risks and the percentage of healthcare organizations affected by each one are:

The report authors described these two variations of man-in-the-middle attacks as the most problematic for healthcare organizations:

  • SSL stripping: An intermediate server uses advanced techniques to look like an authentic service
  • Targeted certificate spoof: An intermediate server actively attempts to pose as a genuine service

The “vulnerable OS” listing on the high-risk list refers to older versions of operating systems that are more vulnerable due to known security exploits while the same entry on the medium-risk list shows up due to the more general risk of running systems that have not been updated in a timely way. As Allen Bernard wrote on TechRepublic, research from early 2020 found that 83% of healthcare systems are running on outdated software.

The medium-risk threats and the number of organizations affected are:

  • Configuration vulnerabilities:60%
  • Risky hot spots:56%
  • Vulnerable OS (all):56%
  • Sideloaded apps:24%
  • Unwanted or vulnerable app:24%
  • Cryptojacking:16%
  • Third-party app stores installed:16%

The configuration vulnerabilities include jailbreaking a device and disabling the lock screen on a device.

Wandera recommends taking these steps to increase cybersecurity at healthcare organizations:

  • Outline requirements for new use cases for cloud and mobile adoption
  • Segment data to allow granular access based on user need
  • Evaluate use cases and define requirements for remote workers
  • Set a device ownership model that covers what support, ownership, and management
  • Determine what you need to know about users, devices, and apps before granting access
  • Limit users to only the tools and systems they need
  • Implement an acceptable use policy for each subset of devices to control shadow IT
  • Implement a user friendly identity and access management solution for authentication
  • Incorporate device risk assessments into identity management solutions
  • Deploy endpoint protection across all devices

These policies and use cases should be updated after a merger or acquisition, when new regulations are passed, and when IT strategy evolves.

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays