Cybercriminals Have an Unhealthy Appetite for Medical Data

By Eyal Aharoni


Cybercriminals just love targeting healthcare organizations and have been doing it quite often for many years. As can be seen on the table below, during the past couple of months cybercriminals have been working hard on these types of targets. where they hit with ransomware attacks or breach to exfiltrate medical records which they can monetize. These medical records are a treasure trove of information that is easy to sell on the dark web. In contrast to e.g., financial institutions, healthcare organizations have a hard time allocating sufficient resources to defend their network perimeter to keep cybercriminals at bay, as is illustrated in the recent attacks outlined below




Fallout /Damage

The Fetal Diagnostic Institute of the Pacific (Hawaii)

Made public in September 2018

The lab was hit by a ransomware attack in June 2018

Data of 40,800 current and former patients was encrypted and not accessible for use.

Legacy Health in Portland, Oregon Made public in August 2018 Phishing attack resulting in unauthorized access to employee email accounts in June 2018 38,000 patient records were breached
UnityPoint Health July 2018 Phishing attack A total of 1.4 million patient records were breached that included names, addresses, medical data, treatment information, lab results and/or insurance information
Singapore government’s health database June/July 2018 Hackers breached a front-end workstation to gain privileged account credentials to obtain privileged access into the database Hackers accessed the data of about 1.5 million patients, including Prime Minister Lee Hsien Loong and stole data on outpatient-dispensed medications
UnityPoint Health in Madison, Wisconsin April 2018 Phishing attack on staff email accounts Data of 16,000 patients was exposed.

St. Peter’s Surgery and Endoscopy Center (Albany, NY)

March 2018 Malware attack by hackers accessing St. Peter’s server in January 2018 134,512 patient records were breached containing patient names, addresses, dates of birth, service dates, diagnoses, procedures and insurance information
Cohen, Bergman, Klepper, Romano MDs (Long Island, NY healthcare provider) March 2018 Breach to an exposed online  database that was misconfigured  Data of 42,000 patients was exposed as well as 3 million clinical notes
ATI Physical Therapy in Illinois March 2018 Phishing attack on employee email accounts Information of 35,136 patients was breached, including Social Security numbers and a wide range of medical information

Healthcare data is hard to protect, especially due to the rise in the use of healthcare technology and electronic devices, healthcare data records are spread all through (and exchanged between) healthcare organization.  As we have seen above, detecting misconfigured hardware and software to prevent public exposure of data is also a major issue for the healthcare industry. Those internal misconfigurations give hackers easy access to inflict damage.

For healthcare providers and hospitals, breaches reduce patient trust, cripple health systems and can even threaten human life. Since cybersecurity has become an integral part of patient safety, there is a growing demand for a holistic solution encompassing human behavior, technology and processes.  This means that healthcare providers should boost their cybersecurity to defend themselves against cybercriminals who are developing and using sophisticated tools and techniques for attacking healthcare organizations to gain access to medical information and hold data and networks for ransom. Although the healthcare sector has been lagging behind compared to other industries when it comes to cybersecurity, budgets have increased and new technologies are being purchased and deployed. This means that healthcare organizations are getting better at blocking attacks and keeping their networks secure, but still there is work to be done.

To help healthcare institutions with their efforts to protect their data, Cymulate offers them a convenient and easy way to test their cybersecurity posture. Cymulate’s Breach & Attack Simulation (BAS) platform allows a healthcare institution to run real cyberattacks in its own environment (at any time, from anywhere) in a safe manner without harming its network in any way. This allows them to test their security posture and mitigate cyberattacks before they can hit and penetrate the networks. The simulation also detects any misconfigurations for quick mitigation.

Want to learn more? Want to try it out? Click here to get a free trial.

Eyal Aharoni

Eyal is the VP of Customer Success at Cymulate. During the last 15 years Eyal performed in a number of critical roles in the information and cyber security fields, providing services for global organizations in a wide range of sectors.

Subscribe to Our Blog

Stay up to date with the latest cybersecurity news and tips