

By Darren Pauli, 15th April 2015 15:56

There's TOO MANY data-leaking healthcare firms, growls Symantec

Problems often related to ‘poorly patched devices’

Security software company Symantec is being drenched in calls from breached health organisations that have lost devices or suffered an information security snafu.

Some 80 per cent of the calls its incident response team has received since December are from healthcare firms, a sector that topped the charts for the number of breach incidents in 2014 for the fourth year running, according to Symantec's annual threat report (PDF).

Most of these 116 incidents — which are up 25 per cent since 2013 — are due to lost or stolen devices and human database bungling.

Healthcare organisations have about four times as many incidents as education, government, and finance sectors, which averaged around 30 each.

Most exposures result in the disclosure of customers' real names, government identity numbers, and home addresses.

Symantec national healthcare solutions architect Axel Wirth claims healthcare providers usually lose data to device thieves or bumbling staff, but are also exposed because they run often unpatched legacy systems.

"Another situation that many healthcare providers struggle with are poorly patched devices, often running end-of-life operating systems," Wirth said.

"These highly vulnerable devices are a problem not because they're targeted, but because of their susceptibility to common malware," he added. "A number of hospitals have mature cyber-security programs in place, but many are still struggling with basic goals, such as implementing encryption to protect data on lost or stolen mobile devices, laptops, or data carriers."

Some 44 per cent of healthcare breaches are due to lost or stolen devices, up 10 per cent on 2013. Identity exposure through human error is behind 11 per cent of sector breaches.

Insider theft, however, is on the rise, and has doubled from a low base since 2013. Patient records are often sought by staff wishing to set up their own practices and recruit clients, along with run-of-the-mill data thieves.

Low-base increases include an uptick in hacker ransoms where thieves pinch patient records and demand cash to have the data returned, Wirth says.

Other report findings for 2014 include advanced attackers:

  • Deploying legitimate software onto compromised computers to continue their attacks without risking discovery by anti-malware tools.
  • Leveraging a company’s management tools to move stolen IP around the corporate network.
  • Using commonly available crimeware tools to disguise themselves and their true intention if discovered.
  • Building custom attack software inside their victim’s network, on the victim’s own servers.
  • Using stolen email accounts from one corporate victim to spear-phish their next corporate victim.
  • Hiding inside software vendors’ updates, in essence “Trojanizing” updates, to trick targeted companies into infecting themselves.

The healthcare bod notes that flogged records are worth between $10 and $50 a pop, compared with credit cards that fetch around $0.50 to $1 each. ®
