Breach, Data Security, Incident Response, TDR

Healthcare sector’s broad data sets will attract increased attacks in 2015

A report forecasting next year's security threats repeatedly points to the healthcare industry as a prime target for data thieves.

Released Tuesday, the Websense 2015 Security Predictions Report said that the community could expect a marked increase in attack campaigns going after healthcare records. Obtaining the records are the key to gleaning “personally identifiable information [PII] that can used in a multitude of attacks and various types of fraud,” a release from the security firm said.

“In an environment still transitioning millions of patient records from paper to digital form, many organizations are still playing catch-up when it comes to the security challenge of protecting personal data. As a result, cyber attacks against this industry will increase,” the findings continued.

Back in September, Websense researchers told MIT Technology Review that in the past 10 months alone, they saw a 600 percent increase in attacks on hospitals.

In an interview with, Carl Leonard, principal security analyst at Websense, said that the healthcare sector is particularly susceptible to having diverse data sets targeted, which have an “increasingly large value on the underground marketplace.”

“It's a treasure trove of information in one fell swoop,” Leonard said.

In addition to financial information, medical insurance and other types of personal data that can be used for a wide array of malicious purposes, are up for grabs when targeting healthcare organizations or their vendors. And the information has a longer shelf life than stolen credit card information, Leonard explained – a fact that brought him to another prediction in the report.

“These credit card thieves – and we've seen many of them operate successfully in 2014 – they will morph into information dealers,” he said.

The emergence of chip and PIN technology in the U.S. will help thwart traditional skimming scams, so criminals will target a wider range of data about victims, the report explained.

“These fuller, richer, personal identity dossiers of individual users, consisting of multiple credit cards, regional and geographic data, personal information and behavior, will be increasingly traded in the same manner that stolen credit cards are today,” a summary of the report said.

Another prediction in the report – that Internet of Things (IoT) threats would focus on businesses, rather than consumer products – also held a healthcare industry tie-in: potential attacks on medical devices.

“Manufacturers are an attractive proposition to attackers because of the links in the supply chain,” Leonard said of the looming threat. “But I think the industry is getting better educated on some of the threats that exist as the topic of security is becoming a business level discussion," he noted. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.