Friday, March 31, 2017

76% of Healthcare Organizations Hacked Info Sold on Darknet

Over the past few years, ransomware and hacking attacks targeted on healthcare organizations saw tremendous success, mostly because healthcare organizations maintained a centralized database composed of sensitive personal and financial information.

Ransomware distributors design software that can encrypt the servers, devices and databases of healthcare institutions and medical centers when they are accessed. If one of the devices or servers download a fraudulent file or are redirected to an uncertified URL, ransomware can be extracted and installed onto the servers of the organization and encrypt the files indefinitely, until the ransom is paid.

The other two popular types of cyber attack that target healthcare organizations are phishing and keylogging. Instead of utilizing ransomware in order to receive ransom directly from the victimized organization, keyloggers and phishing attacks allow hackers to steal valuable data from the database and servers of healthcare companies and sell them in the dark web.

Usually, these data sets are sold in the dark web for bitcoin. The value of these data sets is completely dependant on the type of data acquired by the hacker. If the data sets contain financial information such as credit card details, bank account information and spending habits, they can be sold for significantly higher prices in comparison to basic details such as names, date of birth, social security number, etc.

Often times, hackers also breach into healthcare organizations with an intent to gain information of VIP members or clients that may include CEOs, government officials and industry leaders. Hackers then threaten or blackmail individuals with a direct communication method and extract ransom payments.

Since mid-2015, hackers utilized highly complex and sophisticated hacking tools that made it difficult for healthcare organizations to prevent themselves from being exploited. According to a recent study released by Evolve IP, 68% of healthcare institutions have compromised email credentials and 76% out of those compromised sets of data can be found on darknet marketplaces.

In its research paper entitled “Email vulnerability in healthcare,” Evolve IP researchers wrote:

“Overall, 68% of all analyzed covered entities and their business associates have employees with visibly compromised accounts — 76% of which include actionable password information. Using ID Agent’s proprietary Dark Web ID analysis technology, ID Agent and Evolve IP analyzed 1,000 healthcare companies representing a variety of business types and sizes. On average, more than 68% of the firms reviewed have compromised email credentials visible and available on the Dark Web.”

Kevin Lancaster, the CEO of ID Agent, a data solutions provider which engaged in a joint research initiative with Evolve IP, further noted that despite the increasing vulnerability of security systems and infrastructures, healthcare organizations are struggling to implement necessary solutions and technologies to combat hacking attacks.

Although leading chief information officers (CIO) within the global healthcare industry and ecosystem are actively investing into potential solutions to protect both employee and client data from being exploited, the vast majority of healthcare organizations have failed to demonstrate proper security measures.

Some corporations have formed AI and blockchain technology-focused development teams in order to create unalterable and immutable databases but are unlikely to commercialize the two technologies within this year.

“Organizations are failing to adequately protect customers from online account takeover and data exploit. To combat the growing threat, the need to develop an end-to-end solution to automate the process of identifying stolen credentials and proactively securing customer online accounts, is vital,” Lancaster said.