How Long Does It Take to Breach a Healthcare Network?

A recent survey of hackers, incident responders, and penetration testers revealed that the majority can gain access to a targeted system within 15 hours, but more than half of hackers (54%) take less than five hours to gain access to a system, and steal sensitive data.

The data comes from the 2018 Nuix Black Report and its survey of 112 hackers and penetration testers, 79% of which were based in the United States.

When asked how long it takes to breach the perimeter of a hospital or healthcare provider and exfiltrate useful data, 18% said less than 5 hours, 23% said 5-10 hours, and 20% said 10 to 15 hours.

The least protected industries were hospitality, retail, and the food and beverage industry. However, healthcare, along with law firms, manufacturers, and sports and entertainment companies had below average results and were relatively easy to attack. This echoes the healthcare industry’s long standing appearance as a soft target when it comes to cyberattacks.

 Photo by Jorge Franco

Nuix points out that many of the industries that were rated as soft targets are required to comply with industry standards for cybersecurity. The retail and food and beverage industries are required to comply with Payment Card Industry Data Security Standard (PCI DSS) and healthcare organizations must comply with the HIPAA Security Rule, which requires safeguards to be implemented to ensure the confidentiality, integrity, and availability of healthcare data.

While organizations in certain industries are required to comply with cybersecurity standards, that doesn’t necessarily mean that appropriate safeguards are implemented, or that they are implemented correctly and provide the required level of protection.

“Most organizations invest heavily in perimeter defenses such as firewalls and antivirus, and these are mandatory in many compliance regimes, but most of the hackers we surveyed found these countermeasures trivially easy to bypass,” said Chris Pogue, Head of Services, Security and Partner Integration at Nuix and lead author of the report.

Information in the report also included demographics on hackers, and insight into hackers’ motivations for attacks, the techniques used, and the industries that offered the least resistance.

According to the authors, “it’s insightful to get an attacker’s view of what constitutes ‘success’ when breaching an organization. Understanding this perspective has a significant impact on how organizations should defend against and respond to security incidents and breaches to their IT infrastructure.”

Additional key takeaways from the survey include:

  • Across industry sectors, 46% of respondents said a breach takes more than 15 hours. In healthcare, 23% reported that it takes about five hours or less.

  • Once the perimeter is breached, 38% said they could find the data they wanted in less than an hour in hospitals and healthcare.

  • A staggering 77% of hackers reported they are identified by their targets less than 15% of the time.

  • 90% of hackers report being able to cover their tracks after a breach in less than 30 minutes.

  • The motivation for attacks is not always financial. 86% hack for the challenge, 35% for entertainment/mischief, and only 21% attack organizations for financial gain.

  • The most popular types of attacks are social engineering (27%) and phishing attacks (22%), preferred by 49% of hackers. 28% preferred network attacks.

“Perhaps the biggest takeaway from the Nuix Black Report is that your perception and understanding of the threat landscape may be in stark contrast to reality,” the authors wrote.

To access the full report, visit: www.nuix.com/sites/default/files/report_nuix_black_report_2018_web_us.pdf


Breadcrumb Cybersecurity is Central California’s only healthcare cybersecurity firm. We partner with healthcare organizations of all sizes to protect their critical assets from cyber breach. Contact us today for a no-obligation consultation.

Breadcrumb Cybersecurity helps organizations protect their infrastructure, critical data, and reputation from today’s advanced cyber threats. Based in California, Breadcrumb offers comprehensive cybersecurity services for organizations throughout the U.S. Our services include regulatory compliance, risk assessments, digital forensics, penetration testing, incident response, technical/staff training, 24/7 security operations, and on-going advisory services.
Breadcrumb uses cookies and other tracking technologies to offer you a better browsing experience, analyze our website, and assist with our promotional and marketing efforts. If you continue browsing, you are agreeing to the use of cookies. To learn more about our cookie use, see our Privacy Policy for more details.