Healthcare is now top industry for cyberattacks, says IBM

For free real time breaking news alerts sent straight to your inbox sign up to our breaking news emails

Sign up to our free breaking news emails

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

Cybercriminals have switched targets from banks to healthcare as the industry moved into the top spot of the rankings as the most-attacked in 2015, new research shows.

Over 100 million healthcare records were reportedly compromised last year, according to IBM’s “2016 Cyber Security Intelligence Index”, based on data collected between 1 January 2015 and 31 December 2015 from more than 8,000 client devices in over 100 countries.

Five of the eight largest healthcare security breaches since the beginning of 2010, with more than one million records compromised, took place during the first six month of 2015 – “the year of the healthcare breach”.

Health records, much of which remain valid and exploitable for years, contain valuable information for hackers. Credit card data, emails addresses, social security numbers, employment information and medical history records can be used in many instances of fraud or identity theft, according to IBM.

Martin Borrett, CTO IBM Security Europe, explained how much damage stolen health data can cause and why it is such a target for theft.

“We had a situation with a colleague from IBM in the US. John Kuhn, a senior security threat researcher, had to show hospital staff his stomach to prove he did not have a scar from the surgery they had charged him for.

John’s medical records had been stolen, and sold to someone else who had used them to have the surgery, leaving him with a $20,000 bill,” Borrett told the Independent.

Borrett said health organisations need to use all the tools available to protect themselves whether it is technology or staff and patient training on the risks posed by new technology.

“We would encourage healthcare institutions to view their entire technological and data operation the same as any other enterprise with highly sensitive information. The boards of management should have security on their agenda, and include it in their assessment of risk for the organisation as a whole,” Borrett said.

"As long as the data retains its value, there will be threats to any organisation that holds it,” Borrett added, warning that the healthcare industry will continue to be at risk in 2016.

The second place for the most attacked industry went to manufacturing, while government and the transportation industry took over fourth and fifth places, respectively.

Financial targets dropped from the top spot to the third place.

This is part due in to a significant increase in attack activity in the healthcare and manufacturing industries but also because if the improve the financial industry has done to its cyber security in reaction to major breaches over the past several years.

Some 60 per cent of cyber-attacks in 2015 were carried out by “insiders”, or those who had access to organisation systems, the study also found.

1. Healthcare

2. Manufacturing

3. Financial Services

4. Government

5. Transportation