Attempted cyberattacks on health care organizations have increased 85 percent in the past year, according to SecureWorks, a software-as-a-service vendor.
The company's health care clients have been targeted 20,630 times per day during the second half of 2007 and January of this year, a significant increase over the average rate of 11,146 times per client per day during the first half of 2007, according to a recent release.
SecureWorks researchers blamed the spike on an increase in client-side attacks against organizations, as well as health care institutions' use of large attack surfaces and high volumes of personally identifiable information and computing resources.
The rise in application-based attacks affects all organizations, health care or otherwise, according to SecureWorks researcher Hunter King.
“Client-side attacks have continued to be popular with hackers because compromising an employee's PC is often much easier than hacking directly into an organization's database,” he said. “Many times it is simpler to compromise an employee PC because an employee's position often requires them to have access to the web. A company's databases are also desirable because they have authority to communicate to a company's backend systems, whereas communications coming from an IP address outside the network is often blocked.”
Health care organizations also store more personal information than other businesses -- including Social Security numbers, names, addresses, birth dates and banking and credit card information -- making them a rich target for cyberthieves, according to the analysts.
“They have to remain fairly open to a lot of different systems. Facilities might be setup differently, and there's a lot of administrative overhead,” said researcher Don Jackson. “There are a lot of doors they have to make sure are locked.”
Health care organizations are also attractive targets for cyberattackers because the institutions are accustomed to using open networks to conduct billing, record transfers and communication with different providers. Such a structure gives malicious hackers more openings to attack a network, according to SecureWorks.
Medical organizations also inadvertently help malicious hackers by using networks with large numbers of computing resources, such as high bandwith networks, systems with many PCs connected to them, and around-the-clock resources, the researchers said.