Skip to main content

Healthcare firms face more sophisticated threats and evolving malware

(Image credit: Shutterstock)

Cybercriminals are using increasingly sophisticated methods to attack healthcare companies, which are seen as ripe targets due to the kind of data which can be plundered from these organizations – such as sensitive personal medical details.

This is according to the latest Healthcare Threat Report from Proofpoint, which made several worrying discoveries, including a sizeable increase in ‘imposter email’ attacks that impersonate senior members of staff, attempting to trick the victim into clicking a malware link, or revealing sensitive details.

In the first quarter of 2019, the report noted that targeted healthcare companies were sent 43 of these imposter emails, which is roughly triple the amount compared to the same quarter in 2018.

Typically the subject line included words like ‘urgent’ and ‘payment’, and any sort of message with a suspicious sounding demand which needs to be complied with quickly, or a strange-looking link, should obviously be treated with extreme caution.

If you’re even slightly unsure about something in a message, never click it or respond to it, and check with the appropriate member of staff as to whether they did indeed send the email.

Evolution of malware

Proofpoint also observed that malware is evolving, with more sophisticated strains now out there which combine the capabilities of two (or even more than two) types of malware.

The security firm further noted that the biggest threat to healthcare organizations during the period researched was banking Trojans.

As ever, financial gain is the main motivator for cybercriminals, and that can include ransomware of course, which could have (and has had) dire implications for the likes of hospitals.

Although stolen patient data can, of course, also be used to make money by selling it on to interested unscrupulous parties.

Proofpoint commented: “While the cyberattack techniques against healthcare organizations vary and evolve, one common thread is that they attack people, not just technology. They exploit healthcare workers’ curiosity, time constraints in acute care settings, and their desire to serve. Combating these attacks requires a new and people-centered approach to security.”

Education and awareness is a big part of the battle against cybercriminals, in other words.