According to a new report from Malwarebytes, healthcare is now the seventh-most targeted sector and cyberattacks against healthcare organizations jumped 60% during the first three quarters of 2019, compared to all of 2018. The majority of healthcare-focused attacks were caused by negligence, phishing, and supplier vulnerabilities.
Oftentimes, this industry will allocate a majority of its budget dollars to research, patient care, etc., and leave cybersecurity as an afterthought. Given, however, the massive troves of personal information the healthcare industry contains, it is vital that a more concerted effort is made industry-wide to mitigate cybercrime.
"Medical institutions are fighting an uphill security battle, as budget dollars are often diverted to research, patient care, or new technology adoption," the report says. "Cybersecurity, then, is an afterthought, as doctors use legacy hardware and software, staff lack the security know-how to implement updates and patches in a timely manner, and many medical devices lack security software altogether." In particular, attackers have targeted organizations with flexible programs that compromise systems and then allow attackers to infect the system with even more malicious code. Malwarebytes' software detected, and blocked, more than 12,000 attempted installations of Trojan software in Q3, dominating other types of malware. Ransomware, the No. 2 threat, accounted for less than 2,500 attempted installations during the third quarter, the report stated.