Survey: 38% of hackers said they could find the healthcare data they sought in less than an hour

Instead of examining cybersecurity from the perspective of IT experts, the Nuix “Black Report” survey got inside the minds of hackers.

While many cybersecurity reports examine the issue from the perspective of IT experts, a new survey from software company Nuix looked at it from another view: that of the hacker.

And the results are pretty terrifying: 38 percent of surveyed hackers said they could find the healthcare data they sought in less than one hour.

The respondents also saw hospitals and healthcare providers as particularly soft targets. The sports and entertainment, retail and hospitality industries also seem to be easy prey.

“Organizations that plan their security controls … do so with one critical person missing from the table,” Chris Pogue, Nuix’s head of services, security and partner integration, said in a phone interview. “Who’s not at the table? The attacker.”

A total of 112 hackers participated in the survey. Respondents completed a survey anonymously online using Survey Monkey or in person during the Black Hat, Bsides Vegas and DEFCON hacker conferences. Individuals who wanted to retain complete anonymity could fill out a paper survey and turn it in at a Nuix event.

Pogue said he wasn’t surprised at the healthcare-related results.

For one, numerous hospitals have weak security. Plus, the general mindset of the industry, he said, is to help people — not focus on cybersecurity.

“There’s a lack of understanding of what data they have and the value of that data,” Pogue said. “But doctors and hospital administrators need to understand that data has tremendous value on the black market.”

And that’s just the theft side of it. It doesn’t include tactics like ransomware, which often scare hospitals into simply paying the ransom.

When will the healthcare industry wake up? Pogue said it will likely take some kind of trigger event. For instance, people didn’t take credit card theft as seriously until the Target breach. Email theft wasn’t in the spotlight as much until the Yahoo hack.

“The security experts who were once the lone prophet in the desert suddenly aren’t crazy anymore,” Pogue said.

The survey also unveiled numerous tidbits about the hackers themselves. For instance, the Nuix “Black Report” found 22 percent of respondents said they used the same attack technique for a year or more. Only 10 percent said they’ve been hacking for one to three years, and 34 percent noted they have been hacking for 11 years or more.

Additionally, 43 percent of surveyed hackers were college graduates and 32 percent indicated they had postgraduate degrees (though none had PhDs). Fourteen percent had a high school degree, and 5 percent had a GED.
