It’s never been more dangerous to visit a healthcare-related website. From insurance companies to self-help websites, hackers launched more attacks on the health industry than any other over the first half of 2015.
That’s according to a report published Thursday by G Data, the German cybersecurity company that regularly tracks cybercrime. This report, the first of two scheduled on malicious software activity in 2015, determined that 26.6 percent of all malware attacks were aimed at health sites. Compare that to 10.2 percent in the second half of 2014 and 6.5 percent in the first half of 2014.
“It could be insurance fraud,” said Andy Hayter, security evangelist at G Data, when asked about the possible motivation for the attacks. “This means people are hacking websites so that when you go there, you’re actually being redirected to a key logger or something that’s collecting information on you. … Healthcare websites are becoming more evil in the past year than they ever have before.”
Data previously obtained by International Business Times proved that U.S. patients’ healthcare information is among the most likely to be compromised in a data breach. A data breach is twice as likely to happen to healthcare sites as to sites that hold financial data. Further, the average cost of recovering a stolen identity is around $13,453 for a single person.
The G Data report, based on data from the company’s home and enterprise antivirus products, did not name affected health websites. But Hayter explained that the health category includes insurance sites, informative sites, medical news, hospitals and others that aim to help visitors improve their well-being.
Technology and telecommunications sites were the second-most targeted sites (11.6 percent), followed by pornography (9.6 percent), video games (7.6 percent) and blogging sites (7.1 percent).
WellsFargo.com was the website most likely to be infected with a banking “Trojan,” with a 35.28 percent attack probability (Wells Fargo ranked No. 8 in the last survey). Trojans, often launched in the form of a disguised email attachment, also targeted HSBC, Lloyds Banking Group, Barclays and a number of other online financial services.
Types of malware discovered include more than the typical phishing attempts. There was malicious advertising, “Man in the Middle” attacks (which redirect user traffic without their knowledge) and drive-by downloads, which occur when sketchy sites automatically install spyware onto a user’s computer.
The most effective way to avoid this kind of activity is to keep all computers and browsers updated, or hover the mouse over a link, which reveals the true link location.
“People need to be aware of where they click,” Hayter said. “Ask yourself, ‘Did I really win that contest?’ If it seems too good to be true, it probably is.”