Emotet and TrickBot dominate healthcare attacks, according to the latest Cybercrime Tactics and Techniques Report.

A 60% increase in threat detection at healthcare organizations has been observed by comparing all of 2018 against just the first three quarters of 2019, demonstrating significant growth and reason for increased concern about healthcare security as we move into 2020.

According to Malwarebytes’ product telemetry, the healthcare industry has been overwhelmingly targeted by Trojan malware during the last year, which increased by 82% in Q3 2019 over the previous quarter. The two most dangerous Trojans of 2018–2019 for all industries, Emotet and TrickBot, were the two primary culprits.

Emotet detections surged at the beginning of 2019, followed by a wave of TrickBot detections in the second half of the year, becoming the number one threat to healthcare today. Due to aging infrastructure, low IT budgets and a wealth of personally identifiable information (PII), healthcare institutions are becoming prime targets for cybercriminals. 

Said Adam Kujawa, Director of Malwarebytes Labs, “Healthcare is vital to our population, industries and economy, which is why it’s an especially concerning industry to see targeted by cybercriminals. Emotet, TrickBot, exploit, and backdoor detections targeting healthcare organizations are known to drop ransomware payloads later in their attack chains. For too long, these organizations have suffered due to antiquated equipment and underfunded IT departments, making them especially vulnerable. We should be arming healthcare now with extensive security measures because this pattern suggests that ransomware is looking to penetrate healthcare organizations from several different angles.”

Key findings from the report include:

  • There was a 60% increase in threat detections at healthcare organizations in the first three quarters of 2019 when compared to all of 2018
  • Healthcare is currently the seventh-most targeted industry by cybercriminals according to Malwarebytes data; education and manufacturing took the top two spots in 2019
  • Endpoint detections have grown 45% from 14,000 healthcare-facing endpoint detections in Q2 2019 to more than 20,000 in Q3
  • Top attack methods for healthcare networks in the last year:
    • Exploiting vulnerabilities in third-party vendor software such as medical management apps or custom software for hospitals and medical practices;
    • Taking advantage of weak security postures due to staff negligence, user error and poor patching cadences; and
    • Using social engineering methods, such as phishing and spear phishing emails to deliver malicious attachments and links
  • Of the four regions of the United States, the West’s healthcare institutions were most targeted by malware, leading the pack at 42% of Malwarebytes’ total US detections. The Midwest was not far behind at 36%. The South and Northeast had far fewer detection percentages at 15 and 7% respectively.

The report also found that the consequences of a cybersecurity breach in healthcare can be especially daunting. Patient data can be exposed, and worse, lives jeopardized, as critical equipment and information may hang in the balance during an attack. For this reason, it is especially crucial that healthcare institutions work to upgrade their security posture, train and retrain employees, and establish and practice protocols in the event of an attack. As new technological innovations are introduced in healthcare, it will become increasingly important to consider security in product or platform design, rather than trying to add it as an afterthought.

Added Jeff Hurmuses, Area Vice President and Managing Director, Asia Pacific, Malwarebytes: “It is imperative that new innovations and technologies are introduced alongside adequate security measures, with proper staff training and incident response protocols set in place to ensure utmost vigilance against cyber breaches. The public can also play their part in keeping themselves informed about potential threats, to avoid falling victim to scams that seek to exploit personal data from them.”