Malware attacks on hospitals are rising fast, and the problem is about to get a lot worse

The healthcare industry stores some of the most sensitive personal information there can be about people: hackers know this and are looking to exploit what they view as an easy target.
Written by Danny Palmer, Senior Writer

Trojan malware attacks targeting hospitals and the healthcare industry have risen significantly over the course of this year as hackers increasingly look to exploit a sector that is often viewed as an easy target by those with the aim of stealing sensitive personal data.

Figures in The State of Healthcare Cybersecurityreport from Malwarebytes state there's already been a 60% increase in trojan malware detections in the first nine months of 2019 compared with the entirety of 2018. The rise has been particularly significant in the third quarter of this year, with an 82% increase in detections when compared with the previous quarter.

ALSO: What happens when your healthcare data is stolen or held for ransom? It depends TechRepublic 

Researchers point to two forms of trojan malware being the most responsible for the rise in attacks targeting healthcare and they're two of the most prolific trojans around – Emotet and Trickbot.

Attacks using Emotet – a prolific form of malware that started life as a banking trojan, and now also serves as a backdoor into a variety of networks – surged during the first part of the year and this caused a spike in detections targeting healthcare organisations during this period. The malware appeared to tail off during the middle of the year, but it has recently come back to life.

Following the initial disappearance of Emottet, Trickbot took over as the most common form of trojan malware targeting the health sector. Trickbot first emerged in 2016 and, like Emotet, started life as a banking trojan before gradually adding a variety of other capabilities.

Like Emotet, it can also be used as a gateway to deliver other malicious payloads and both Trickbot and Emotet have been known to drop ransomware onto compromised systems.

Ransomware has become a scourge of hospital networks, with many health organisations falling victim to network-encrypting attacks over the course of this year. In many cases, the organisations feel they don't have a choice but to pay the ransom, especially if the attack directly impacts patient care.

But even if the two trojans aren't used as a stepping stone to ransomware attacks, they can still be hugely damaging not only for healthcare providers, but also the patients themselves as hospitals store large amounts of personal data.

Alongside names, addresses, dates of birth and other information that hackers can use to commit fraud and other cybecrime, the nature of health data means hospitals store extremely sensitive information about patients, something which attackers could exploit.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)  

"Healthcare is vital to our population, industries and economy, which is why it's an especially concerning industry to see targeted by cybercriminals," said Adam Kujawa, director of Malwarebytes Labs

"For too long, these organizations have suffered due to antiquated equipment and underfunded IT departments, making them especially vulnerable. We should be arming healthcare now with extensive security measures," he added.

The report also warns that these issues need to be addressed soon because, with the growth of Internet of Things devices and biotech in healthcare, there could be "dire outcomes" if security of new and exiting systems isn't improved.


Editorial standards