Malwarebytes Reports a 60 Percent Jump in Healthcare Endpoint Threat Detections


Emotet and TrickBot dominate healthcare attacks according to the lastest Cybercrime Tactics and Techniques Repor

Malwarebytes has released its latest Cybercrime Tactics and Techniques (CTNT) report, “CTNT Q3 2019: The State of Healthcare Cybersecurity.” Malwarebytes observed a 60 percent increase in threat detections at healthcare organizations by comparing all of 2018 against just the first three quarters of 2019, demonstrating significant growth and reason for increased concern about healthcare security as we move into 2020.

According to Malwarebytes’ product telemetry, the healthcare industry has been overwhelmingly targeted by Trojan malware during the last year, which increased by 82 percent in Q3 2019 over the previous quarter. The two most dangerous Trojans of 2018–2019 for all industries, Emotet and TrickBot, were the two primary culprits. Emotet detections surged at the beginning of 2019, followed by a wave of TrickBot detections in the second half of the year, becoming the number one threat to healthcare today. Due to aging infrastructure, low IT budgets and a wealth of personally identifiable information (PII), healthcare institutions are becoming prime targets for cybercriminals.

“Healthcare is vital to our population, industries and economy, which is why it’s an especially concerning industry to see targeted by cybercriminals,” said Adam Kujawa, Director of Malwarebytes Labs. “Emotet, TrickBot, exploit, and backdoor detections targeting healthcare organizations are known to drop ransomware payloads later in their attack chains. For too long, these organizations have suffered due to antiquated equipment and underfunded IT departments, making them especially vulnerable. We should be arming healthcare now with extensive security measures because this pattern suggests that ransomware is looking to penetrate healthcare organizations from several different angles.”

Key findings from the report include the following:

  • There was a 60 percent increase in threat detections at healthcare organizations in the first three quarters of 2019 when compared to all of 2018.
  • Healthcare is currently the seventh-most targeted industry by cybercriminals according to Malwarebytes data; education and manufacturing took the top two spots in 2019.
  • Endpoint detections have grown 45 percent from 14,000 healthcare-facing endpoint detections in Q2 2019 to more than 20,000 in Q3.
  • Trojans, hijackers and riskware each surged by over 80 percent from Q2 2019 to Q3.
  • The top attack methods for healthcare networks in the last year were:
    • Exploiting vulnerabilities in third-party vendor software, such as medical management apps or custom software for hospitals and medical practices;
    • Taking advantage of weak security postures due to staff negligence, user error and poor patching cadences; and
    • Using social engineering methods, such as phishing and spear phishing emails to deliver malicious attachments and links.
  • Of the four regions of the United States, the West’s healthcare institutions were most targeted by malware, leading the pack at 42 percent of Malwarebytes’ total US detections. The Midwest was not far behind at 36 percent. The South and Northeast had far fewer detection percentages at 15 and 7 percent, respectively.

The report also found that the consequences of a cybersecurity breach in healthcare can be especially daunting. Patient data can be exposed, and worse, lives jeopardized, as critical equipment and information may hang in the balance during an attack. For this reason, it is especially crucial that healthcare institutions work to upgrade their security posture, train and retrain employees, and establish and practice protocols in the event of an attack. As new technologial innovations are introduced in healthcare, it will become increasingly important to consider security in product or platform design, rather than trying to add it as an afterthought.

For the full CTNT Q3 2019: State of Healthcare Cybersecurity report, click here