Healthcare stands out due to the majority of breaches being associated with
internal actors. Denial of Service attacks are infrequent, but availability
issues arise in the form of ransomware.
466 incidents, 304 with confirmed data disclosure
Top 3 patterns
Miscellaneous Errors, Privilege Misuse and Web Applications represent
81% of incidents within Healthcare
Internal (59%), External (42%), Partner (4%) and Multiple parties (3%) (breaches)
Financial (83%), Fun (6%), Convenience (3%), Grudge (3%), and
Espionage (2%) (breaches)
Medical (72%), Personal (34%), Credentials (25%) (breaches)
The doctor can’t see you now (that you work for them)
Most people do not enjoy going to the hospital, but once it becomes unavoidable we all need to believe fervently that the good women and men who are providing us care are just this side of perfect. Spoiler alert: they are not. Healthcare is not only fast paced and stressful, it is also a heavily-regulated industry. Those who work in this vertical need to do things right, do things fast, and remain in compliance with legislation such as HIPAA and HITECH (in the US). That in itself is a pretty tall order, but when one combines that with the fact that the most common threat actors in this industry are internal to the organization, it can paint a rather challenging picture. With internal actors, the main problem is that they have already been granted access to your systems in order to do their jobs. One of the top pairings in Table 5 between actions and assets for Healthcare was privilege abuse (by internal actors) against databases. Effectively monitoring and flagging unusual and/or inappropriate access to data that is not necessary for valid business use or required for patient care is a matter of real concern for this vertical. Across all industries, internal actor breaches have been more difficult to detect, more often taking years to detect than do those breaches involving external actors.