Sophisticated threats plague ailing healthcare industry

The healthcare industry is no longer circling the drain, but it’s still in critical condition.

While many organizations in healthcare have aimed at or made positive strides toward a more robust cybersecurity and privacy posture, they still have a long way to go.

In 2018, healthcare had the highest number of breaches recorded compared to other industries. This is according to BakerHostetler’s 2019 Data Security Incident Response Report, which is in its fifth annual iteration this year.

Even today, black hat hackers are continuing to go after patient healthcare data. According to Business Insider, The HIPAA Journal, a website dedicated to covering HIPAA-related news, corroborates this intensity after seeing a steady stream of at least one reported breach per day from January through March 2019.

What’s causing these daily breaches?

Hacking and IT incidents, which include malware attacks, have been consistently topping the list.

Malware in healthcare sectors

Healthcare falls short on a lot of security measures: unpartitioned networks, reliance on legacy infrastructure, non-compliance with HIPAA security rules and NIST CSF controls, unmanaged IoT devices, vulnerable medical management apps, the slow implementation of government-recommended IT and cybersecurity practices over the last four years, and the lack of email authentication and low adoption of always-encrypted sessions. For starters.
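Two of the shortfalls listed above, the lack of email authentication and weak sender policies, can be checked mechanically. The following is an added example, not code from the original article or from any vendor named on this page: it parses SPF and DMARC TXT records and flags the configurations that leave a domain open to spoofing (the usual first step of the phishing campaigns discussed later). The domain names and records are constructed for the demonstration; `lookup_txt` is a stand-in for a real DNS query, which you would replace with a resolver library in practice.

```python
from typing import Dict, List, Optional

# Constructed sample DNS TXT answers keyed by record name. These are
# invented example domains, not real records; in production you would
# resolve them with a DNS library such as dnspython.
SAMPLE_TXT: Dict[str, List[str]] = {
    "clinic.example": ["v=spf1 include:_spf.mailhost.example -all"],
    "_dmarc.clinic.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@clinic.example"],
    "legacy-hospital.example": ["v=spf1 ip4:203.0.113.0/24 +all"],
    # legacy-hospital.example publishes no _dmarc record at all
    "pharma.example": ["v=spf1 mx ~all"],
    "_dmarc.pharma.example": ["v=DMARC1; p=none; rua=mailto:reports@pharma.example"],
}


def lookup_txt(name: str, records: Dict[str, List[str]] = SAMPLE_TXT) -> List[str]:
    """Stand-in for a DNS TXT query against the constructed table."""
    return records.get(name, [])


def parse_spf(txt: str) -> Optional[List[str]]:
    """Split an SPF record into its terms; returns None if the TXT is not SPF."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    return terms[1:]


def parse_dmarc(txt: str) -> Optional[Dict[str, str]]:
    """Parse 'tag=value; tag=value' DMARC syntax into a dict, or None if not DMARC."""
    tags: Dict[str, str] = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return None
    return tags


def assess_domain(domain: str, records: Dict[str, List[str]] = SAMPLE_TXT) -> List[str]:
    """Return human-readable findings describing weaknesses in the domain's SPF/DMARC setup."""
    findings: List[str] = []

    spf_records = [t for t in lookup_txt(domain, records) if parse_spf(t) is not None]
    if not spf_records:
        findings.append("no SPF record: any host may send as this domain")
    elif len(spf_records) > 1:
        findings.append("multiple SPF records: receivers treat this as a permanent error")
    else:
        terms = parse_spf(spf_records[0]) or []
        # The 'all' term decides what happens to senders not listed earlier.
        all_terms = [t for t in terms if t.lstrip("+-~?").lower() == "all"]
        if not all_terms:
            findings.append("SPF has no 'all' term: unlisted senders get a neutral result")
        else:
            first = all_terms[-1][0]
            qualifier = first if first in "+-~?" else "+"  # bare 'all' means '+all'
            if qualifier == "+":
                findings.append("SPF ends in +all: every sender passes, spoofing is trivial")
            elif qualifier == "?":
                findings.append("SPF ends in ?all: neutral result, no protection")
            elif qualifier == "~":
                findings.append("SPF ends in ~all: softfail only; rely on DMARC to act on it")

    dmarc_records = [t for t in lookup_txt("_dmarc." + domain, records) if parse_dmarc(t)]
    if not dmarc_records:
        findings.append("no DMARC record: receivers are not told to reject spoofed mail")
    else:
        tags = parse_dmarc(dmarc_records[0]) or {}
        policy = tags.get("p", "none").lower()
        if policy == "none":
            findings.append("DMARC p=none: monitoring only, spoofed mail is still delivered")
        elif policy == "quarantine":
            findings.append("DMARC p=quarantine: spoofed mail lands in spam rather than being rejected")
        if "rua" not in tags:
            findings.append("DMARC has no rua= address: no aggregate reports to review")

    return findings


def audit(domains: List[str], records: Dict[str, List[str]] = SAMPLE_TXT) -> Dict[str, List[str]]:
    """Assess every domain in the list and map each to its findings."""
    return {d: assess_domain(d, records) for d in domains}


if __name__ == "__main__":
    for domain, issues in audit(["clinic.example", "legacy-hospital.example", "pharma.example"]).items():
        status = "OK" if not issues else f"{len(issues)} issue(s)"
        print(f"{domain}: {status}")
        for issue in issues:
            print(f"  - {issue}")
```

Of the three constructed domains, only `clinic.example` comes back clean; the legacy hospital's `+all` plus missing DMARC means anyone can send mail as that domain with no receiver-side enforcement, which is the gap the article is describing.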

More importantly, healthcare systems are massively susceptible to malware infection and hijacking, since there are little-to-no protections in place. And when the threats being lobbed at healthcare are more advanced, all that lagging on security takes its toll.

So which types of malware are targeting healthcare organizations? We have collated and analyzed data from our own product telemetry to determine the top malware aiming to infect systems and networks, exfiltrate patient data, and disrupt operations. Here are our results.

Trojans and riskware are common on healthcare systems

Malicious and risky files plague healthcare systems worldwide

Among the five types of malware we found affecting healthcare systems, more than three-quarters (79 percent) are Trojans. This is followed by riskware (11 percent)—those pieces of software that are not inherently malicious, but could still pose a risk to systems on which they’re installed. Others are ransomware, spyware, and worms—all with an equal share of 3 percent.

We take a deep dive into each.

Based on our data, a sizable chunk of information-stealing Trojans and downloaders, as well as files posing as legitimate Microsoft (MS) files, are present on healthcare systems. We detect them as Trojan.Emotet (35 percent) and Trojan.FakeMS (33 percent), respectively.

The top 6 Trojans detected in healthcare, with Trojan.Emotet leading.

Emotet is an information stealer that can target user credentials stored in browsers and listen to network traffic. Known new versions of Emotet act as downloaders, dropping other banking Trojans, such as TrickBot and Qakbot, ransomware, such as Ryuk, and, at times, cryptominers and cryptowallet stealers.

Emotet has had success in penetrating organizations and spreading because of its simple, yet tried-and-true delivery method—phishing emails—as well as its use of an NSA exploit called EternalBlue, which pushes the infection laterally through networks. In addition, Emotet contains its own malspam module, which churns out additional phishing to continue the cycle.

To add insult to injury, once on networks, Emotet is notoriously difficult to remediate.

Information stealers, in general, are particularly dangerous to have in healthcare systems, as they put electronic health records (EHRs) at risk. Staff credentials can also be swiped and re-used by threat actors to gain access to more information and resources they can use, misuse, or sell to the highest bidders in the dark market.

Emotet has widely affected the health insurance, hospital, pharmaceutical, biotechnology, and medical device sectors. In fact, this threat has been consistently gaining ground on all organizations over the last year, increasing in both persistence and volume to the tune of almost 650 percent from the same time last year.

Trojan.FakeMS, on the other hand, is the detection we use for malware posing as legitimate Microsoft files. Healthcare personnel may or may not have been aware of such files ending up on their work systems. Either way, their presence on machines that staff rely on to process sensitive records or pull up correct patient data at critical times isn’t ideal.

Meanwhile, cryptominer infections, which we sometimes detect as Trojans, often present machine slowdown as a common symptom, and 17 percent of healthcare systems have been showing this sign.

If you think your practice may have some of these issues, call today (508-297-2632) to ask for a FREE Site Survey and Estimate to have your network protected 24/7, 365 days a year, and find out why so many businesses choose Advanced Network Connections to help them be more productive.
