A network compromise often leads to a data breach, potentially exposing the personally identifiable information of millions of consumers as well as the organization’s own intellectual property and billing systems. In addition, these compromised networks allow cybercriminals to use the organization’s network infrastructure and devices to launch attacks on other networks and to execute billions of dollars’ worth of fraudulent transactions.
A new SANS-Norse report reveals many findings and salient conclusions. Among the most alarming were the following:
- 49,917 unique events of a malicious nature took place within the healthcare IT environment during the period when intelligence was gathered; this was a small sample of the data gathered during that period.
- Networks and devices at 375 U.S.-based healthcare-related organizations were compromised during this period, and some of them are still compromised.
- Compromised devices included everything from radiology imaging software, to firewalls, to Web cameras, to mail servers.
- The most frequently compromised systems were VPNs, which accounted for more than 30 percent of all compromised connected endpoints detected.
Norse identified compromised devices and networks with its global threat intelligence infrastructure, a network of more than six million sensors and next-generation honeypots located in 38 global data centers and 20 major Internet exchanges. When compromised organizations emanate malicious IP traffic, the infrastructure detects it and immediately traces it back to the owner.
A wide range of organizations emanated malicious IP traffic, many of them for months and some for the duration of the study, meaning they never detected their compromises and outbound malicious communications. Not only was this problematic for the target of the attack, but the exposed attack surface also opened the door to attacks on other organizations.
Although many types of organizations were compromised, one type produced the majority of malicious traffic:
- Healthcare Providers — 72 percent of malicious traffic
- Healthcare Business Associates — 9.9 percent of malicious traffic
- Health Plans — 6.1 percent of malicious traffic
- Healthcare Clearinghouses — 0.5 percent of malicious traffic
- Pharmaceutical — 2.9 percent of malicious traffic
- Other related healthcare entities — 8.5 percent of malicious traffic
“What SANS and Norse have uncovered in this report is, in a word, alarming,” stated Sam Glines, CEO of Norse. “The sheer number of attacks being perpetrated against healthcare organizations is overwhelming, while the defenses in place are not nearly enough to neutralize them. So although the healthcare industry continues to search for ways to protect its data, many organizations are still not able to properly safeguard critical data, and both companies and consumers are paying the price.”