Healthcare bears brunt of spyware attacks
- 16 March 2006
The healthcare and pharmaceutical industry sector is more likely than any other to come under attack from spyware, an international report into internet security trends by firms Counterpane Internet Security and MessageLabs has concluded.
The survey, based on attack attempts witnessed by the firms, showed that IT systems in the healthcare sector suffered almost 50% of spyware attacks, compared with other types of markets and businesses. The survey covered hospitals and healthcare organisations as well as the pharmaceutical sector.
"[Spyware] is not limited to a financial drain on corporate resources," said the report, ‘2005 Attack Trends & Analysis’. "In February 2006, DMReview listed ‘The Malware Menace’ as the number one threat to healthcare information systems in terms of lost productivity and wasting IT resources."
Spyware is best characterised by programs that sit silently on a network or individual computer, tracking internet usage, serving unwanted adverts or redirecting internet traffic. The programs are usually accidentally downloaded by users or packaged secretly with other software.
Rarely, some spyware has been found that can track keystrokes or even reconfigure internet connections.
The report said that while some in the healthcare sector might not consider spyware an enormous risk, one result of attacks in healthcare is that IT personnel have to spend valuable time and resources trying to fix machines.
Another is that spyware is constantly evolving, and may pose even more serious threats. "As spyware matures and becomes more sophisticated, these infections may result in new and hidden entry points for hackers to penetrate the enterprise. The impact to these sectors that are experiencing a high infection rate in 2005… could be overwhelming in 2006."
As well as spyware, commonly observed security threats for healthcare include attempted system exploits, which are direct cracking attempts on systems either though viruses or logins, and unsolicited commercial e-mail, or spam.
According to Counterpane’s observations, 78.9% of e-mail received by the healthcare and pharmaceutical industry was spam.
"The healthcare business sector must consider the potential loss of life as well as remediation costs and wasted employee resources when completing a risk assessment of its corporate enterprise," warns the report.
Bruce Schneier, chief technology officer at Counterpane, said: "Security attack trends have rapidly evolved. In just twelve months, cyber-criminals have moved away from deploying large-scale generalized attacks, like Blaster and Slammer, towards carefully engineered attacks calculated for precise outcomes. This approach is epitomised by 2005’s epidemic of identity theft and financial fraud."
Links