Data breaches are costly events – with an average price tag of $3.8 million each according to a Ponemon Institute report – and healthcare is a prime target. The bulk of data breach media coverage focuses on the aftermath – the cost and ensuing lawsuits – but who are the people behind this rapidly burgeoning threat?
"We have moved from hackers to attackers," says John Gomez, CEO of cybersecurity firm Sensato. In the past, hacking was more of an opportunistic crime: A hacker would come across a vulnerability and exploit it. But now, data breaches are perpetrated by individuals and groups actively seeking weaknesses.
Who are cybercriminals?
• Black market salesmen. The first category of cybercriminals is focused solely on profit. These groups tend to be well-funded and well-organized. Attacks led by these groups are designed to obtain information and sell it on the black market to the highest bidder.
• Cyberspies. Cyberspies are often backed by nation-states. This class of cybercriminals is motivated by reconnaissance and the value of intelligence. "This is a classic espionage attack," says Mr. Gomez. "This type of information can be used by a nation-state for blackmail purposes."
• Cyberterrorists. Cyberterrorists, an emerging category, are driven by ideology rather than financial gain. "Cyberterrorists are looking to kill someone, not steal data," says Mr. Gomez. "Biomedical devices, such as insulin pumps, are attached to a network, but not secure. These represent opportunities for very possible attacks."
How it's done
Cybersecurity is becoming an increasing priority in healthcare, but cybercriminals can still skirt hospital and health system security measures. The four primary areas they home in on are the supply chain, the cloud, biomedical devices and interfaces. "Healthcare has spent the last five to six years improving technology, but we didn't think about securing our systems," says Mr. Gomez. "Even small community hospitals will have between 300 and 400 computing systems." Each of these systems, if poorly secured, is an opportunity for cybercriminals.
Catching the culprits
There is a science to determining the culprits behind attacks; 30 percent to 40 percent of cases can be attributed to the correct source, according to Mr. Gomez. But identifying the source can only do so much. Proper attacker attribution can allow organizations to understand the methodology used to carry out the attack and protect against those same strategies going forward, but cybersecurity is a constant effort. Patching up one hole is no guarantee of completely secure systems. "[Cybercriminals] will find a new methodology," says Mr. Gomez. "Attackers tend to cooperate with one another. For example, if someone from ISIS put out a notice about breaking through a particular computer system, other attackers will respond."
While cybercriminals have moved to an advanced form of crowdsourcing and collaboration, the targeted organizations remain relatively closemouthed. "There is very little sharing of information between defenders when an attack happens," says Mr. Gomez. "Attackers have the upper hand."