Midsection of female nurse using digital tablet in hospital. Close-up of medical professional is touching screen in ward. She is wearing scrubs.Cybersecurity threats continued to plague the healthcare sector in 2018. Healthcare organizations notified twice as many individuals under HIPAA and other notification statutes in 2018 as compared with 2017. According to a new report from Malwarebytes Labs, 2019 State of Malware Report, trojan malware was the greatest threat to the healthcare sector in 2018.[1] Specifically, trojans Emotet and Trickbot, originally used in banking incidents, were labeled the most common malware strains, while hijackers, rootkits and riskware rounded out the top threats to the sector.

Information-stealing malware attacks increased by 132 percent since 2017, according to the report, proving that hackers are steering away from the formerly more common ransomware attack techniques that provide only short-term payments. Attackers are now trending toward more subtle, long-lasting trojan attacks[2] to harvest intellectual property, personal data and company information. Most recently, Emotet was seen pairing with healthcare’s other problem trojan, Trickbot, to secretly proliferate across a network to steal information. Possible reasons for this transition to trojan malware range from the fallout from successful privacy-protecting policies and rules, such as the Global Data Protection Regulation (GDPR), to the use of exploits, such as EternalBlue, and backdoors, such as DoublePulsar.

Threat actors’ tendencies to leverage information-stealing trojans in business and consumer breaches do not appear to be slowing as we move through 2019. Hackers are constantly updating the trojans with new functions designed to identify new opportunities to exploit, such as weak configurations and outdated assets. Overall, business detections of malware rose by 79 percent in 2018, primarily due to the increase in backdoors, miners, spyware and information stealers. Research shows that the deployment of patches, network and data segmentation, and better user-rights management configuration might keep the trojan invasion from spreading.

Although awareness increased within the healthcare sector, most organizations were challenged to keep pace, citing a lack of resources, tight budgets and a gap in IT staff sophistication. “As we look ahead to 2019, we anticipate the game of cat and mouse to continue on and on, with old tricks applied to new threats and new tactics used for old favorites.” Until the industry can catch up to the sophistication of attackers, bad actors across the country will continue to hit the sector with targeted attacks through 2019 and beyond.

[1]The Malwarebytes Labs team compiles a report each quarter to share intel, statistics and analysis of the tactics and techniques made popular by cybercriminals over the previous three months. At the end of the year, they synthesize this data into one all-encompassing report – the State of Malware report – that aims to follow the most important threats, distribution methods and other trends that shaped the threat landscape.
[2]Ponemon’s 2017 Cost of Data Breach study found that organizations were able to identify data breaches, on average, within 191 days. That number is a slight improvement on 2016’s figure, which was 201 days. Although we do not have any solid data from 2018 yet, the constant evolution of the threat landscape gives no reason to believe that the 2018 figures will be any better.