Healthcare Cyber Heists in 2019

The phrase, “First, do no harm,” is commonly referenced among medical professionals to reflect the utmost importance placed on patient care. The phrase is often attributed to the original version of the Hippocratic oath, though its true derivation is, in fact, unknown.

Regardless of the etymology, the sentiment is clear: above all else, a healthcare professional should consider patients’ well-being. And in 2019, “well-being” has evolved to include privacy and cybersecurity concerns.

Healthcare organizations are increasingly being targeted by cyberattacks due to the gold mine of personal data they possess. The potential, real-world effect these attacks can have is substantial. (See the WannaCry and NotPetya
ransomware attacks of 2017.)

Cyberattackers now have the ability to access, steal and sell patient information on the dark web. Beyond that, they have the ability to shut down a hospital’s access to critical systems and patient records, making effective patient care
virtually impossible.

And, with increased adoption of medical and IoT devices, the surface area for healthcare attacks is becoming even larger. The problem has been further compounded by limited cybersecurity staffing and stagnant cybersecurity budgets in the industry.

The silver lining has been that awareness of the problem has never been higher. While the industry has traditionally lagged when compared with, say, finance or retail, the healthcare ransomware attacks of 2017 (and the many
others to follow) served as a clarion call that too many cyberattackers do not adhere to the principle of “do no harm.”

In this seminal report on the state of cybersecurity in the healthcare industry, Carbon Black collaborated with 20 of the industry’s leading CISOs to determine how attackers have evolved over the past year, the biggest concern these
security leaders have (HINT: it’s not cybersecurity for most) and how confident they are in their cybersecurity programs. This report is a companion piece to the popular “Modern Bank Heists” report from Carbon Black, which reported on the state of the finance industry in March of 2019.