The latest trend in cyber crime targeting seems to be the ill prepared health care industry according to a recent reports. Common targets for cyber attacks have traditionally been financial institutions, and social media sites. However due to increased target hardening in these industries, criminals are finding the health care industry to be a ripe target due to their lack of strong security measures.
In a recent report industries were assigned a TrustScore to determine the trustworthiness of emails coming from companies within the industry. On a score of 0 to 100 nearly one third of healthcare organizations received a score of 0, with the industry as a whole scored a 17. For a few years the social media industry found itself to be a major target of email phishing scams, but over time they realized their efforts were largely in vain and have now turned towards the health care industry, which is currently not prepared for the onslaught.
It could be argued that the trend really began to take shape with the Anthem breach which compromised the records of up to 80 million people towards the end of 2014. This breach is largely suspected to be the result of phishing emails used to gain high level IT credentials, exposing the poor training given to the Anthem IT staff on security threats. Anthem held healthcare related data including social security numbers and home addresses, data that is worth a hefty price to cyber criminals.
According to a recent SANS report around 94 percent of healthcare organizations have reported victimization by cyber criminals. Couple this statistic with the recent push to digitize healthcare records and the potential threats to personal data is enormous. In addition to personal data hackers may even gain access to critical medical devices and cause serious damage to the welfare of healthcare patients directly. This trend is likely to continue with rapid adoption of security compliance measures to protect critical systems.