IoT devices are perfect target, report finds
HERNDON, Va. – A frightening number of hackers said they can find the health care data they’re seeking in under an hour, according to a new report by cybersecurity software company Nuix.
More than half of the hackers who responded to the company’s “Black Report” survey said it takes fewer than 10 hours to breach the perimeter of hospitals and health care provider systems, and 38% said they can find the data they’re looking for in less than 60 minutes.
“Those stats are disturbing on their own, but become more so when compared to many industry-accepted numbers that say it takes organizations seven to eight months, on average, to discover they’ve been attacked,” said Chris Pogue, head of services, security and partner integration, at Nuix. “That’s a long, long time for your data to be gone before you’ve figured it out.”
To compile the report, Nuix asked more than 100 hackers to complete an anonymous survey either online, at gatherings like Black Hat and Bsides Vegas, or on paper at a Nuix event.
The allure of health care data: It can be worth 10 times more than credit card numbers on the deep web, according to industry experts. The data can be used to create fake IDs to buy medical equipment or drugs, or to file fictional claims with insurers.
The report also found that Internet of Things health devices are low on the list of concerns for health systems and providers, but are actually a perfect target for attackers.
“IoT devices are, for now, about the lowest hanging fruit you can find,” said Pogue.
Pogue said the biggest obstacles to making health devices and systems more secure are the limited options and the dire need.
“The hospital’s choices are limited regarding which manufacturers they can purchase devices from, the doctors are more interested in functionality than they are security, and the patients are more focused on why they are monitoring their health rather than how secure the device is,” he said. “It will take a widespread attack to force the industry to react.”