Script kiddies, hacktivists, cybercriminals, nation-state actors and cyberterrorists — these are the adversaries to healthcare cybersecurity laid out in the Institute for Critical Infrastructure Technology's Hacking Healthcare IT In 2016 report.
The healthcare industry faces an unfortunate pair of truths when it comes to security and protection: It simultaneously is the most consistently targeted for its troves of valuable data and operates with some of the most outdated technology. The information those adversaries get hold of can be used for identity theft, insurance fraud and financial gain, among other things, according to the report.
The report concludes the single weakest link of the healthcare cybersecurity infrastructure, which is slowly improving, is the human element.
"Ongoing training must be paramount in any responsible healthcare organization," the report reads. "Adversarial initiatives typically start with targeting staff via spear phishing and watering hole attacks. The act of an illprepared executive clicking on a malicious link can trigger a hurricane of immediate and long term negative impact on the organization and innocent individuals whose records were exfiltrated or manipulated by bad actors."
The full 97-page ICIT report is available here.