New Study Highlights Healthcare Malware Risks

A new study has highlighted new healthcare malware risks, indicating there is a very real and present danger of cybersecurity attacks. But more worrying than the possibility of an attack, is news that those attacks have already taken place, and hackers are already browsing system data, patient files, and other sensitive material without the healthcare provider’s knowledge.

Healthcare Malware Risks are not Just Theoretical – Hackers May Already be Inside Computer Networks

Vectra Networks, a provider of network security services, recently analyzed the computer networks of 40 enterprises as part of a new data security study. Over 250,000 separate networked devices were analyzed to check for malware and evidence of targeted attacks by hackers. The company’s report makes for shocking reading. Vectra found evidence of targeted attacks having taken place at all of the 40 companies under study. It did not appear to make any difference whether the company was large or small; all had been attacked.

Unfortunately, hackers are not only skilled at breaking through complex, multi-layered security defenses, they are also experts at hiding their tracks, making identification of a compromised network particularly difficult. Flaws in security software and network set up are identified and exploited, with the malicious outsiders then able to hide their activity in a number of ingenious ways.

One of the main methods is to make the theft of data from a network appear to be part of users’ normal computing activities. Fake browser histories are set up, data theft is hidden in P2P file sharing logs, or through the TOR network, if used.

Hackers are Getting Better at Covering their Tracks and Hiding in Systems

In contrast to popular opinion, peer-to-peer file sharing networks are no longer used by hackers to steal data, at least not regularly. There are much sneakier ways that data is stolen. Hackers are able to set up hidden HTTPS tunnels through which data is transferred. This is a major cause for concern, as these hidden channels are very difficult for users and IT professionals to identify.

In many cases, the code required to exfiltrate data is hidden in regular files. Hackers are able to hide code in PNG files for instance, or in text fields and headers in regular files. Unfortunately, while anti-malware software is usually good at identifying malicious software, the files that hide the hackers’ code are rarely scanned by anti-virus and anti-malware programs. A clean malware scan is therefore no guarantee that a system hasn’t been compromised.

The director of product marketing at Vectra Networks, Wade Williamson, said “Once they get an exfiltration channel set it up, they can leave it open to steal data for a long while.”

Dealing with the New Healthcare Malware Risks

The researchers at Vectra Networks did offer some good news. In the majority of cases, systems had been compromised, but data had not yet been stolen. The attacks had not reached the critical point of exfiltration. Only 3% of cases actually revealed hackers had managed to steal data from computer networks.

This means there is still time to act. If thorough malware scans are conducted, the malicious code can be identified and removed; but that will depend on the programs used, and the depth to which they scan for malware and system changes.

Author: NetSec Editor