IBM X-Force: Number of compromised healthcare records drops 88 percent in 2016

Which industry do you think experienced the most cyberattacks in 2016? If you guessed healthcare, think again.

New data from the 2017 IBM X-Force Threat Intelligence Index shows that although the healthcare industry was most frequently targeted by cyberattacks in 2015, the financial services industry took the cake in 2016.

The healthcare industry also fell off the map in terms of the number of records compromised. Nearly 100 million healthcare records were leaked in 2015, compared to only 12 million in 2016, an 88 percent drop.


The IBM X-Force Threat Intelligence Index includes data gathered between January 1, 2016, and December 31, 2016. Each year, IBM Security Services keeps track of incidents from over 8,000 devices in more than 100 countries. IBM X-Force not only runs spam traps across the globe but also analyzes over 37 billion websites.

Despite the lower number of compromised healthcare records, the report found the number of records leaked across all industries grew at an astounding rate: 566 percent. While there were 600 million records compromised overall in 2015, there were more than 4 billion compromised in 2016.

And it’s not just the number of compromised records that changed. Cybercriminals started rethinking their game plans in 2016. The report noted cybercriminals increasingly started to go after unstructured data, including business documents and email archives.

“Cybercriminals continued to innovate in 2016 as we saw techniques like ransomware move from a nuisance to an epidemic,” Caleb Barlow, IBM Security’s president of threat intelligence, said in a statement. “While the volume of records compromised last year reached historic highs, we see this shift to unstructured data as a seminal movement. Unstructured data is big-game hunting for hackers and we expect to see them monetize it this year in new ways.”

Ransomware is indeed becoming an epidemic across every industry. As the report notes, ransomware “continues to be one of the most profitable forms of malware in terms of effort versus earnings.” The report specifically points to the February 2016 case of Los Angeles-based Hollywood Presbyterian Medical Center as an example of the growing threat of ransomware. Ransomware is typically distributed via attachments in spam emails. As such, 2016 saw a fourfold increase in spam compared to 2015. About 44 percent of spam included dangerous attachments, and 85 percent of those attachments included ransomware.

Moving forward, organizations — whether in healthcare or not — must put an increased emphasis on security. They must also be open to collaborating with other organizations and individuals to learn best practices. “The faster they react to cybercrime findings and share their experiences across the security community, the less time each malware variant can live and/or see successful fraud attacks,” the report concludes. “As a result, cybercrime can become much less financially viable for attackers, as exposure can weed out large numbers of fraudsters who abandon their criminal pursuit for lack of profit.”


FBI cautions healthcare organizations of cyberattacks

If you think you’re free from cyberattacks, the FBI has news for you.

The Federal Bureau of Investigation has issued a private industry notification to medical and dental facilities regarding the looming dangers of cyberattacks.

The notification points out that cybercriminals have been targeting File Transfer Protocol servers to gain access to patients’ protected health information and personally identifiable information. The criminals access FTP servers operating in “anonymous” mode and use the information gained to “intimidate, harass and blackmail business owners,” according to the FBI.


“Cybercriminals could also use an FTP server in anonymous mode and configured to allow ‘write’ access to store malicious tools or launch targeted cyberattacks,” the FBI notification said.

FTP servers are commonly used to transfer data between network hosts. A 2015 study out of the University of Michigan in Ann Arbor noted FTP has mostly been replaced by HTTP, SCP and BitTorrent. However, the study also found about 1.1 million extant FTP servers allow anonymous access. “These anonymous FTP servers leak sensitive information, such as tax documents and cryptographic secrets,” the study said. “More than 20,000 FTP servers allow public write access, which has facilitated malicious actors’ use of free storage as well as malware deployment and click-fraud attacks.”

To combat this growing threat, the FBI suggests healthcare organizations double-check their networks to ensure FTP servers aren’t running in anonymous mode. If organizations must use anonymous mode, the FBI recommends administrators refrain from storing PHI and PII on the FTP server.
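One way an administrator might run the double-check the FBI describes is to audit the FTP server's configuration file directly. The sketch below is an added example, not part of the FBI notification or the original article. It assumes the server is vsftpd (the article names no product) and uses constructed sample configurations; the finding labels `ANON_LOGIN` and `ANON_WRITE` are illustrative names.

```python
# Added example: audits vsftpd-style configuration text for the two exposures
# in the FBI notification. vsftpd is an assumption; the article names no product.

# vsftpd built-in defaults: anonymous login is ON unless the file disables it.
DEFAULTS = {
    "anonymous_enable": "YES",
    "write_enable": "NO",
    "anon_upload_enable": "NO",
    "anon_mkdir_write_enable": "NO",
    "anon_other_write_enable": "NO",
}
TRUTHY = {"YES", "TRUE", "1"}
ANON_WRITE_OPTIONS = ("anon_upload_enable", "anon_mkdir_write_enable",
                      "anon_other_write_enable")

def parse_conf(text):
    """Return effective settings: defaults overridden by option=value lines."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().upper()
    return settings

def audit(text):
    """Return finding labels (illustrative names) for one configuration."""
    s = parse_conf(text)
    on = lambda k: s.get(k, "NO") in TRUTHY
    findings = []
    if on("anonymous_enable"):
        findings.append("ANON_LOGIN")   # anonymous mode is active
        # Anonymous writes need the global write switch plus an anon_* option.
        if on("write_enable") and any(on(k) for k in ANON_WRITE_OPTIONS):
            findings.append("ANON_WRITE")
    return findings

# Constructed sample configurations (not taken from any real server).
WEAK_CONF = "anonymous_enable=YES\nwrite_enable=YES\nanon_upload_enable=YES\n"
HARDENED_CONF = "anonymous_enable=NO\nlocal_enable=YES\nwrite_enable=YES\n"

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "no anonymous exposure")
```

A configuration file that never mentions `anonymous_enable` is still flagged, because vsftpd enables anonymous login by default.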

This isn’t the first time the FBI has spoken out about the issue of cybersecurity. Earlier this month, FBI Director James Comey gave the keynote speech at the Boston Conference on Cyber Security. During his address, Comey said cyberthreats are “too fast, too big and too widespread for any of us to address them alone.”

He noted that cybercriminals come from all over and use various means to gain what they want. “And we’re not only worried about loss of data, but corruption of that data and lack of access to our own information,” Comey said.

When asked to elaborate on the number one cyberthreat to healthcare providers, Comey replied with one word: ransomware, according to The National Law Review. On that front, Comey advised healthcare leaders not to pay ransom and to maintain backup systems to protect valuable data. Additionally, Comey urged healthcare organizations to collaborate and work with the FBI in situations involving a cyberattack.
