TrickBot trojan named the most dangerous threat to healthcare

A lack of funding and legacy technology has led to the growing severity of healthcare's security landscape

The infamous Emotet and TrickBot trojans have been named as the two most popular attacks on healthcare organisations in 2019.

Emotet detections surged at the beginning of 2019 but a huge wave of TrickBot threats in the second half of the year has placed it as the number one threat to healthcare organisations today.

Advertisement - Article continues below

The number of threats presented by trojans, hijackers and riskware each grew by over 80% in 2019 compared to last year, according to Malwarebytes.

The cyber security company said the healthcare threat landscape has experienced significant growth this year which means those tasked with protecting it should be especially concerned as we approach the start of 2020.

The firm also observed a 60% increase in the overall number of threat detections at healthcare organisations in just the first three quarters of 2019 compared to the entirety of 2018.

In addition, there was an observable 45% increase attacks on healthcare-facing endpoints from Q2 2019 to Q3.

"Healthcare is vital to our population, industries and economy, which is why it's an especially concerning industry to see targeted by cybercriminals," said Adam Kujawa, director of Malwarebytes Labs. "Emotet, TrickBot, exploit, and backdoor detections targeting healthcare organisations are known to drop ransomware payloads later in their attack chains.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"For too long, these organisations have suffered due to antiquated equipment and underfunded IT departments, making them especially vulnerable," he added. "We should be arming healthcare now with extensive security measures because this pattern suggests that ransomware is looking to penetrate healthcare organisations from several different angles."

Healthcare is an industry which is famously underfunded and one in which cyber security is rarely prioritised. There are certain challenges that must be overcome in order to reach a point where healthcare institutions can afford to take cyber security seriously, according to Dr Saira Ghafur, lead for digital health, Institute of Global Health Innovation, Imperial College London.

Speaking at a Westminster eForum event in October 2019, Dr Ghafur said the NHS only spends about 2% of its annual budget on cyber security and this is because things like "buying cancer drugs are often seen as more of a priority than cyber security".

Advertisement - Article continues below

She also said there are no IT professionals on any of the NHS boards "so until you've got those people on NHS boards, then it's very difficult to then kind of ask for the money and make the case to the people who are actually in charge of budgets".

"[Assigning budget to security is] absolutely a choice but then when the NHS is underfunded as a whole system, then actually IT is going to be ... lower down in the priority of when you've got direct clinical care that you need to provide for patients," she added.

Healthcare organisations also rely on legacy technology to keep their life-saving equipment operational in some cases. Certain machines can only operate using the likes of Windows XP which has gone end of life and it can be difficult to replace these within constrained budgets.

"We need a lot more money to replace legacy infrastructure to actually secure medical devices and all other IT equipment that we already have, let alone all the new things that are coming into play as well," said Dr Ghafur, comparing the NHS' budget to other industries which can much spend more.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement
Advertisement

Most Popular

Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/video-conferencing/355138/zoom-beaming-ios-user-data-to-facebook-for-targeted-ads
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020
Visit/cloud/355098/ibm-dedicates-supercomputing-power-to-coronavirus-researchers
high-performance computing (HPC)

IBM dedicates supercomputing power to coronavirus research

24 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020