Malwarebytes reports 60% jump in healthcare endpoint threat detections

Advanced endpoint protection and remediation solution specialist Malwarebytes has announced the results of its latest Cyber Crime Tactics and Techniques (CTNT) report entitled ‘CTNT Q3 2019: The State of Healthcare Cyber Security’. The company observed a 60% increase in threat detections at healthcare organisations by comparing all of 2018 against just the first three-quarters of 2019, demonstrating significant growth and a reason for increased concern about healthcare security as we head towards 2020.

According to Malwarebytes’ product telemetry, the healthcare industry has been overwhelmingly targeted by Trojan malware during the last year, which increased by 82% in Q3 2019 over the previous quarter. The two most dangerous Trojans of 2018-2019 for all industries, Emotet and TrickBot, were the two primary culprits.

Emotet detections surged at the beginning of 2019, followed by a wave of TrickBot detections in the second half of the year, with TrickBot becoming the Number One threat to healthcare. Due to ageing infrastructure, low IT budgets and a wealth of personally identifiable information, healthcare institutions are becoming prime targets for cyber criminals.

“Healthcare is vital to our population, industries and economy, which is why it’s an especially concerning industry to see targeted by cyber criminals,” said Adam Kujawa, director of the Malwarebytes Labs. “Emotet, TrickBot, exploit and backdoor detections targeting healthcare organisations are known to drop ransomware payloads later in their attack chains. For too long, these organisations have suffered due to antiquated equipment and underfunded IT Departments, in turn making them especially vulnerable. We should be arming healthcare now with extensive security measures because this pattern suggests that ransomware is looking to infiltrate such organisations from several different angles.”

Key findings from the report

Key findings from the report include the following:

*There was a 60% increase in threat detections at healthcare organisations in the first three-quarters of 2019 when compared to all of 2018

*Healthcare is currently the seventh most targeted industry by cyber criminals according to the Malwarebytes data (education and manufacturing take the top two spots in 2019)

*Endpoint detections have grown 45% from 14,000 healthcare-facing endpoint detections in Q2 2019 to more than 20,000 in Q3

*Trojans, hijackers and riskware each surged by over 80% from Q2 2019 to Q3

*The top attack methods for healthcare networks in the last year were: exploiting vulnerabilities in third-party vendor software (such as medical management apps or custom software for hospitals and medical practices); taking advantage of weak security postures due to staff negligence, user error and poor patching cadences; and using social engineering methods, such as phishing and spear phishing.

Daunting consequences of an attack

The report also details that the consequences of a cyber security breach in healthcare can be especially daunting. Patient data can be exposed and, worse still, lives placed in jeopardy as critical equipment and information may hang in the balance during an attack.

For this reason, it’s especially crucial that healthcare institutions work to upgrade their security posture, train and retrain employees and establish and practice protocols in the event of an attack.

As new technological innovations are introduced in the healthcare sector, it will become increasingly important to consider security in product or platform design rather than trying to add it as an afterthought.

*For copies of the full report visit:

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.
