
Threat Report Review: Healthcare

By Stacey McDaniel

Healthcare organizations are increasingly evolving into Internet-based businesses, which puts them in a better position to meet the standards and requirements of the Health Insurance Portability and Accountability Act (HIPAA), as well as to adopt digital formats such as Electronic Health Records. Conducting business online creates efficiencies, improves accountability, and may reduce costs. But with this new way of doing business comes increased exposure to threats that affect key data and infrastructure. A new report from security company Symantec highlights areas where healthcare organizations have been most vulnerable, and, in some cases, what can be done to thwart potential threats.

Top Internet attacks in healthcare

The report, which measured Internet attacks, vulnerabilities, and malicious code activity that occurred in the first six months of 2004, found three prominent forms of attack among healthcare companies. Worm-related attacks were the most common, with the Gaobot and MyDoom worms appearing the most often, followed by a denial of service (DoS) attack by a form of spam called Internet Control Message Protocol (ICMP) Unreachable Attack.

The Gaobot worm was the most common attack, with 23.5% of attacking IP addresses targeting the healthcare industry alone. The Gaobot worm could be particularly detrimental to electronic health records and other sensitive healthcare information because it affects the integrity of the system and the information stored in or transmitted by it. To prevent infection, email server antivirus scanning is recommended, as is close scrutiny of incoming email attachments. Perimeter control, such as a proxy firewall, can also help to control the risk of infection. Gaobot may also gain entry to organizations via mobile or remotely connected computers -- an increasingly common scenario in healthcare, as portals are becoming more commonplace and are being accessed remotely.

The mass-mailing MyDoom worm that began spreading in January 2004 was the next most detected attack, with 5.1% of attacking IP addresses exclusively aimed at the healthcare industry. MyDoom uses social engineering to fool the user into executing an attachment, thereby releasing and spreading the worm. MyDoom infections can result in limited email availability because the worm uses up existing capacity. As with the Gaobot worm, countering MyDoom requires regular email server antivirus scanning, along with scrubbing of email attachments.

The third most common attack the healthcare industry faced was the ICMP Unreachable Attack -- arguably the most damaging because of its ability to cause denial of service attacks that render servers unable to deliver requested data. A DoS attack can halt a healthcare organization's Web, email, and database services all at once -- potentially threatening patient safety if the necessary information is not available.

The ports behind the attacks

Knowing which ports are being attacked gives security analysts a better understanding of which services are being targeted, and provides insight into which attacks are most common. Ports are tied to particular applications that see activity over Internet and Ethernet connections. The report disclosed that TCP port 445 was the top targeted port against the healthcare industry in the first six months of 2004. Port 445 is used for Microsoft file and printer sharing and, as such, is often blocked at the network perimeter. The high number of attacks against port 445 suggests the prevalence of the Sasser worm, which is released over this port.

TCP port 135 was the second most frequently targeted port in healthcare. Attacks against this port have been associated with the Blaster worm, Microsoft Windows Messenger pop-up spam, and some Gaobot variants. Port 80 was also found to be a target; this could indicate targeting of not only Web servers, but also Web applications. These threats place sensitive health information at risk because they allow attackers to illicitly obtain information without compromising the integrity of the underlying operating system. The best defense is to install an intrusion detection system, as it should contain signatures to detect Web application attacks. This system is also crucial for performing timely vulnerability patching.

Two peer-to-peer file-sharing ports (specifically two ports used by the Gnutella and eDonkey file sharing networks) are included in the top ten targeted ports. To be sure these programs aren't in use, healthcare organizations should audit all incoming and outgoing traffic for any unauthorized applications that may place the organization at legal risk.
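
As an added illustration of the port analysis and traffic audit described in this section (not code from the Symantec report or from this article), the Python sketch below ranks inbound destination ports by the number of distinct source IP addresses and lists internal hosts that connect outbound to peer-to-peer ports. The log format, the sample records, and the use of the default Gnutella (6346) and eDonkey (4662) ports are assumptions; the article does not give the P2P port numbers.

```python
import re
from collections import defaultdict

# Ports named in the article; P2P numbers are Gnutella/eDonkey defaults (assumed).
WATCHED = {445: "file/printer sharing (Sasser)", 135: "Blaster, Gaobot variants",
           80: "Web servers/applications", 6346: "Gnutella", 4662: "eDonkey"}
P2P_PORTS = {6346, 4662}

# Hypothetical log format: <time> <ALLOW|DENY> <IN|OUT> TCP src:port -> dst:port
LINE_RE = re.compile(r"^\S+ (?:ALLOW|DENY) (?P<dir>IN|OUT) TCP "
                     r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

# Constructed sample records (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
2004-05-03T10:15:02 DENY IN TCP 203.0.113.7:4021 -> 192.0.2.10:445
2004-05-03T10:15:03 DENY IN TCP 203.0.113.7:4022 -> 192.0.2.11:445
2004-05-03T10:15:09 DENY IN TCP 198.51.100.23:1188 -> 192.0.2.10:445
2004-05-03T10:16:40 DENY IN TCP 198.51.100.23:1190 -> 192.0.2.10:135
2004-05-03T10:17:12 ALLOW IN TCP 203.0.113.50:3310 -> 192.0.2.20:80
2004-05-03T10:18:55 ALLOW OUT TCP 192.0.2.77:2045 -> 198.51.100.99:6346
2004-05-03T10:19:01 ALLOW OUT TCP 192.0.2.77:2046 -> 198.51.100.98:4662
truncated line without fields
""".splitlines()

def parse(lines):
    """Yield (direction, source IP, destination port); skip malformed lines."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m["dir"], m["src"], int(m["dport"])

def top_targeted_ports(lines):
    """Rank inbound destination ports by count of distinct source IPs."""
    sources = defaultdict(set)
    for direction, src, dport in parse(lines):
        if direction == "IN":
            sources[dport].add(src)
    return sorted(((p, len(s)) for p, s in sources.items()),
                  key=lambda item: (-item[1], item[0]))

def p2p_hosts(lines):
    """Internal hosts making outbound connections to the P2P ports."""
    return sorted({src for direction, src, dport in parse(lines)
                   if direction == "OUT" and dport in P2P_PORTS})

if __name__ == "__main__":
    for port, count in top_targeted_ports(SAMPLE_LOG):
        print(f"tcp/{port}: {count} source IPs  {WATCHED.get(port, 'unlisted')}")
    print("hosts using P2P ports:", p2p_hosts(SAMPLE_LOG))
```

Counting distinct source addresses rather than raw connections keeps one noisy scanner from dominating the ranking, which matches the report's practice of measuring attacks by attacking IP address.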

Where the attacks are coming from

The report shows that the majority of attacks directed at the healthcare industry originated from North American-based systems. The United States was the top country of attack origin for attacks detected by sensors in the healthcare industry over the first six months of 2004. In fact, attacks originating in the United States targeted the healthcare industry more frequently than they targeted the Internet as a whole (46.9% of attacks against the healthcare industry originated in the United States, compared with 37.3% of Internet-wide attacks). Attacks originating in Canada showed a similar bias towards healthcare, accounting for 16.0% of attacks against healthcare organizations, in contrast with 5.8% of Internet-wide attacks. While it is impossible to fully understand the bias, the local nature of healthcare organizations in Canada and the United States is likely a major factor. While some industries consist largely of national and transnational organizations, many healthcare organizations have a regional focus, which may limit their attractiveness to attackers from distant locations.

The need to remain vigilant

Despite the ongoing prevalence of worms and DoS attacks, the Symantec Internet Security Threat Report Volume VI actually found that the number of targeted attacks against the healthcare industry dropped during the first six months of 2004 compared to previous reporting periods.

However, the healthcare industry has significant security challenges to address as caregivers make the move from paper to electronic records. As more sensitive healthcare data goes online, the need for stronger security increases, and the industry must step up to meet the challenge. The healthcare industry must be careful to implement the proper protection for the electronic systems it puts in place -- this involves securing the network, the perimeter, application servers, and each and every device that is connected to the healthcare network.

Stacey McDaniel has been writing about high-tech issues for more than six years.

CIO Strategy Center is a daily editorial resource offering innovative insights and strategies for building an integrated, secure and resilient IT infrastructure.


Entire contents ©2008 InfoEdge. All Rights Reserved.
Email: research@infoedge.com