This post is part of an ongoing blog series examining “Sure Things” (predictions that are almost guaranteed to happen) and “Long Shots” (predictions that are less likely to happen) in cybersecurity in 2017.  

2016 was the year of ransomware in cybersecurity, and it was especially impactful in healthcare. In this blog post, I’ll lay out a few predictions about the type of threats that the healthcare industry will face in 2017.

Sure Things

1. Ransomware Will Continue to Target Healthcare

I suppose this is an obvious one. Many hospitals were impacted by ransomware this past year. Hospitals in California, Indiana and Kentucky were hit especially hard by ransomware variants that target servers, as opposed to user PCs. A hospital in Washington was impacted to the point where it had to redirect patients to other facilities in order to maintain adequate quality of care.

The bad guys have turned to ransomware as their go-to choice of attack because the Bitcoin payments are anonymous and, as a business model, it is an effective way to get paid without getting caught by the police. They target healthcare because the attack vector for the highly effective SAMSA ransomware variant is through unpatched JBOSS application servers in the DMZ (the Internet-facing area of a network).  Hospitals have many of these servers and are being successfully exploited in increasing numbers.

With any luck, the word has been spread well enough to healthcare organisations so that JBOSS vulnerabilities have been patched or at least mitigated. However, we haven’t seen the last of this trend.  Ransomware will continue to target healthcare throughout 2017 through the standard areas of attack: web-based drive-by downloads, malicious e-mail attachments or links, and unpatched servers in the DMZ.

2. Accidental Oversharing in SaaS Apps Will Increase, Resulting in Losses of Patient Data

Medical staff love to use cloud file-sharing SaaS apps, like Box, Dropbox and Google Drive, because they fill a gap in many healthcare organisations: easy file sharing. The problem with the public versions of these services is that it’s up to the user to control who has access to the files, and it’s quite easy to accidentally configure a file containing protected health information (PHI) to be shared with the entire Internet public. Enterprise versions of Box, for example, enable administrators the ability to restrict public access, but many healthcare organisations don’t block the free versions.

I wrote a blog post earlier this year on the topic of SaaS security, along with some recommendations for mitigating the risk. Until healthcare organisations provide a sanctioned method for file sharing, both within and external to their organisations, and proactively block unsanctioned file-sharing websites, we are likely to see losses of patient data due to accidental oversharing.

Long Shots

1. A Cyberattack on a Medical Device Will Cause the First Confirmed Injury to a Patient

Many medical devices used in medical facilities today lack basic security. Often, medical devices lack endpoint protection, and regular patching, functioning on outdated operating systems, like Windows XP. For these reasons, they are prime targets for malware and cyberattacks.

There has been only one confirmed FDA order to pull a specific medical device out of hospitals. I believe the reason we have only seen one is due to insufficient research on and awareness of the problem.  There hasn’t been much research because medical devices are expensive and there is no financial incentive to perform the sort of security research required to find and fix medical device vulnerabilities.

Attackers motivated by money have used ransomware due to the quick payout and anonymity, but there’s a type of attacker who is in the “I did it because I could” crowd. These adversaries hack for fun. To date there have been no confirmed cases of physical harm to patients due to a cyberattack on a medical device, but I believe that it’s only a matter of time before a bad actor takes advantage of the most vulnerable area of hospital networks – medical devices – and wants to make a statement.

What are your cybersecurity predictions for the healthcare industry? Share your thoughts in the comments and be sure to stay tuned for the next post in this series where we’ll share predictions for financial services.



This article originally appeared on 


Executive summary: A more secure everywhere

The journey to the cloud is not a linear one, and organizations choose to migrate to the cloud in a multitude of ways and approaches. The resulting complexity is the enemy of security. In fact, according to ESG, “36% of organizations use between 24 to 49 different security products while 19% use more than 50 different products from an assortment of vendors.” All this noise only makes way for more security concerns such as integration issues, misconfigurations, and access control. To overcome this complexity and succeed in the cloud, organizations must demand security solutions that can quickly and effectively scale with changing business needs. Prisma by Palo Alto Networks is the industry’s most complete cloud security offering for today and tomorrow, providing unprecedented visibility into data, assets, and risks across the cloud and delivered with radical simplicity.

  • 106