Phishing attacks top security challenge for healthcare
The healthcare industry remains particularly vulnerable to security challenges, especially phishing attacks that fool individuals into clicking malicious links or opening malicious documents.
That is among the findings in the IBM X-Force Threat Intelligence Index 2017, which the company just released to analyze the security challenges faced by its clients.
In healthcare, two common types of attacks—SQLi and OS CMDi—combined for nearly half of all attacks in the health sector. Healthcare records, IBM researchers contend, remain a top prize for cyber criminals and are widely available on the DarkWeb market, on which compromised business records and other materials are bought and sold.
Other major attack methods targeting healthcare include manipulation of data structures and manipulation of system resources. “These attacks focus on known vulnerabilities within an application which, when successful, can lead to full system compromise,” report writers contend.
On average, clients monitored by IBM experienced 93 security incidents during 2016, a 48 percent drop from 2015. However, that may not indicate a safer threat environment, the vendor contends. “The reduction in attacks could mean attackers are relying more and more on proven attacks, thus requiring fewer attempts. Additionally, the combination of massive record leaks and a record year of vulnerability disclosures also paint a different picture.”
“One positive development during 2016 is that many companies now are using more secure hashing functions such as bycrypt to store passwords,” according to IBM. This means that even after a breach, passwords may be more difficult to crack.
The top types of attacks for monitored security clients in 2016 were injection of malicious data (experienced by 42 percent of its clients), manipulation of data structures to gain unauthorized access (32 percent) and collection/analysis of information (9 percent). The complete IBM report is available here.