Ransomware Attacks in Healthcare Surging
Check Point Software Technologies Reports Ryuk Variant Most Common Culprit
Ransomware and other cyberattacks on healthcare entities globally have increased by about 45% in the last two months, security vendor Check Point Software Technologies estimates.
The increase in attacks “involves a range of vectors, including ransomware, botnets, remote code execution and DDoS attacks,” the company says. “However, ransomware shows the largest increase and is the biggest malware threat to healthcare organizations when compared to other industry sectors.”
In October, federal regulators and law enforcement officials in the U.S. issued a joint warning about a surge in ransomware threats to U.S. healthcare providers (see U.S. Hospitals Warned of Fresh Wave of Ransomware Attacks).
Why Are Hospitals Targeted?
Cybercriminals are targeting the healthcare sector “because they believe hospitals are more likely to meet their ransom demands,” the report notes, pointing to the desire to avoid potential disruptions in treatment during the COVID-19 pandemic.
“Unfortunately, that cybercrime threat has worsened over the past two months,” Check Point notes in its new report.
“Since the start of November, there has been a further 45% increase in attacks targeting healthcare organizations globally,” the report states. “This is more than double the overall increase in cyberattacks across all industry sectors worldwide seen during the same time.”
Crunching the Numbers
The data in the report was gathered using Check Point’s threat prevention technologies and then stored and analyzed in what the company calls “ThreatCloud,” a Check Point spokesman says.
“ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide, over networks, endpoints and mobiles of our over 100,000 customer install bases,” the spokesman says.
Central Europe tops the list of regions impacted by the spike in cyberattacks against healthcare organizations, with a 145% increase in November, the Check Point report estimates. That was followed by East Asia, which saw a 137% increase, and Latin America with a 112% increase, the report notes. Europe and North America saw 67% and 37% increases in attacks, respectively.
The Department of Health and Human Services’ HIPAA Breach Reporting Tool website listing health data breaches affecting 500 or more individuals shows a surge of ransomware and other hacking incidents reported by U.S.-based healthcare entities and their vendors in 2020 (see: Analysis: 2020 Health Data Breach Trends).
Ryuk Poses Threat
The ransomware variant most commonly used in attacks in the healthcare sector is Ryuk, followed by Sodinokibi, the report says. “It is also important to note that unlike common ransomware attacks, which are widely distributed via massive spam campaigns and exploit kits, the attacks against hospitals and healthcare organizations using the Ryuk variant are specifically tailored and targeted.”
Because Ryuk and other types of ransomware exploits usually start with an initial infection with a Trojan, security teams should monitor for Trickbot, Emotet, Dridex and Cobalt Strike infections within their networks and remove them using threat hunting solutions, the report recommends.
Jon Moore, chief risk officer at privacy and security consulting firm Clearwater, offers more advice: “Healthcare organizations should complete an inventory of their internet-facing services, making sure to secure those that are necessary and shutting down those that are not.”
Network segmentation also can help organizations limit the spread of ransomware, he adds.
“It is safe to say that ransomware attacks will worsen in 2021 because a lot of organizations paid ransom in 2020,” says former healthcare CIO David Finn, executive vice president at privacy and security consulting firm CynergisTek.
“The attackers, to keep their assaults effective, will certainly change and adopt the strategies, tactics and topics,” he adds.