Report says IoT proliferation and insufficient access controls exposing healthcare systems to data theft

The proliferation of IoT devices in the healthcare industry, insufficient access controls, unpartitioned networks and a reliance on legacy IT systems is exposing a vulnerable attack surface for cybercriminals to target to steal personally identifiable information (PII) and protected health information (PHI), according to cybersecurity company Vectra.

The Vectra 2019 Spotlight Report on Healthcare indicates that in addition to data theft, the vulnerability could lead to disruptions in healthcare service delivery. Research by Enterprise Strategy Group shows 12 percent of enterprises have already extensively deployed AI-based security analytics, and 27 percent have done so on a limited basis.

Vectra monitored network traffic and collected metadata from more than three million workloads and devices between July and December 2018 through its Cognito threat detection and response platform. The company found that hidden HTTPS tunnels are the most prevalent method used by hackers of hiding command-and-control communications in healthcare networks, and that hidden DNS tunnels are the most common method of hiding data exfiltration behaviors. Vectra observed a spike in behaviors consistent with internal darknet scans and Microsoft Server Message Block account scans, which could indicate attacker reconnaissance. It also found that botnet attacks tend to be opportunistic, rather than targeted, and that incidents of ransomware infection declined in the second half of 2018.

“Healthcare organizations struggle with managing legacy systems and medical devices that traditionally have weak security controls, yet both provide critical access to patient health information,” says Chris Morales, head of security analytics at Vectra. “Improving visibility into network behavior enables healthcare organizations to manage risk of legacy systems and new technology they embrace.”

Pindrop announced plans to extend its voice biometric technology to IoT security, including for the healthcare industry, at CES earlier this year.

Related Posts

Article Topics

 |   |   |   |   |   | 

Comments

One Reply to “Report says IoT proliferation and insufficient access controls exposing healthcare systems to data theft”

Leave a Reply to Mike Banic Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Research

Biometrics White Papers

Biometrics Events

Explaining Biometrics