The healthcare sector has been the industry with the highest number of data breaches, followed by the government and retail sectors. In 2015, a total of 113.2 million healthcare-related records were stolen, which remains the highest volume of stolen data in the healthcare industry so far. That year, however, was not the only time healthcare institutions were targeted. As early as 2012, healthcare institutions became victims of cyber attacks. The most common kind of attack is related to cybercrime in the form of data breaches. But there are other possible pathways for malicious actors to do harm to this poorly protected industry.
The biggest impact of healthcare record theft is noticeable in countries where most citizens have health insurance. In 2016, 91% of the U.S. population had health insurance. Therefore, any major breach in a healthcare organization in the U.S. could affect a great number of citizens.
One way that individuals are affected by a breach is when stolen personal data is used by cybercriminals to procure drugs, commit tax fraud, steal identities and commit other fraudulent acts. Victims of a data breach may not even be aware that their personal data has been stolen, or that it is being used in criminal acts.
The Internet of Things (IoT) simplifies a lot of processes and is celebrated as a great connector. However, this increased connectivity also has some pitfalls. With the help of Shodan, a search engine that lets you search for internet-connected devices, we explored what healthcare-related devices and networks are visible to practically anyone.
In this paper, we discuss several aspects of the healthcare threat surface. In the first part, we look at how the healthcare sector has evolved as a preferred target for cybercriminals. We try to understand how stolen medical records are monetized after a breach, what types of data are stolen, how much they are sold for on the underground markets, and how cybercriminals make use of them. The second part of this paper is dedicated to the analysis of Shodan scan data, which reveals what healthcare-related devices and networks are connected to the internet and are visible to everyone, including cybercriminals.
Exposure on the internet, however, does not mean that these devices have been compromised or are even actually vulnerable to exploitation. This research shows only that certain devices are exposed online, which makes them easier to exploit if a vulnerability in the device software is found.