FB pixel

Report says IoT proliferation and insufficient access controls exposing healthcare systems to data theft


The proliferation of IoT devices in the healthcare industry, insufficient access controls, unpartitioned networks and a reliance on legacy IT systems is exposing a vulnerable attack surface for cybercriminals to target to steal personally identifiable information (PII) and protected health information (PHI), according to cybersecurity company Vectra.

The Vectra 2019 Spotlight Report on Healthcare indicates that in addition to data theft, the vulnerability could lead to disruptions in healthcare service delivery. Research by Enterprise Strategy Group shows 12 percent of enterprises have already extensively deployed AI-based security analytics, and 27 percent have done so on a limited basis.

Vectra monitored network traffic and collected metadata from more than three million workloads and devices between July and December 2018 through its Cognito threat detection and response platform. The company found that hidden HTTPS tunnels are the most prevalent method used by hackers of hiding command-and-control communications in healthcare networks, and that hidden DNS tunnels are the most common method of hiding data exfiltration behaviors. Vectra observed a spike in behaviors consistent with internal darknet scans and Microsoft Server Message Block account scans, which could indicate attacker reconnaissance. It also found that botnet attacks tend to be opportunistic, rather than targeted, and that incidents of ransomware infection declined in the second half of 2018.

“Healthcare organizations struggle with managing legacy systems and medical devices that traditionally have weak security controls, yet both provide critical access to patient health information,” says Chris Morales, head of security analytics at Vectra. “Improving visibility into network behavior enables healthcare organizations to manage risk of legacy systems and new technology they embrace.”

Pindrop announced plans to extend its voice biometric technology to IoT security, including for the healthcare industry, at CES earlier this year.

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News


UK school reprimanded by ICO for using facial recognition without DPIA

A school in Chelmsford, Essex, has been reprimanded by the Information Commissioner’s Office (ICO) for the unlawful implementation of facial…


Tech5 introduces flexible biometric template protection for its ABIS

Tech5 has developed biometric template protection technology that it says meets the criteria set out in the ISO/IEC 30136 standard….


Maza streamlines KYC with Regula biometric and document verification

Regula has integrated its document and biometric verification system into Maza Financial, a fintech company based in the United States,…


More ballparks to get biometric entry through MLB’s Go-Ahead Entry

Major League Baseball continues to grow its facial recognition entry program with biometrics from NEC. An article in Sports Business…


Inrupt enters growing digital wallet market with pitch from WWW inventor

Inrupt has launched a digital wallet, which comes with a notable endorsement from an internet pioneer. A press release says…


OIX calls on new UK government to accelerate digital ID rollout

The UK should work toward a digital wallet strategy, provide clarity on how ID will work across the public and…


One Reply to “Report says IoT proliferation and insufficient access controls exposing healthcare systems to data theft”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events