Ransomware Attacks in Healthcare Surging

Check Point Software Technologies Reports Ryuk Variant Most Common Culprit
Ransomware and other cyberattacks on healthcare entities globally have increased by about 45% in the last two months, security vendor Check Point Software Technologies estimates.

The increase in attacks “involves a range of vectors, including ransomware, botnets, remote code execution and DDoS attacks,” the company says. “However, ransomware shows the largest increase and is the biggest malware threat to healthcare organizations when compared to other industry sectors.”

In October, federal regulators and law enforcement officials in the U.S. issued a joint warning about a surge in ransomware threats to U.S. healthcare providers (see U.S. Hospitals Warned of Fresh Wave of Ransomware Attacks).

Why Are Hospitals Targeted?

Cybercriminals are targeting the healthcare sector “because they believe hospitals are more likely to meet their ransom demands,” the report notes, pointing to the desire to avoid potential disruptions in treatment during the COVID-19 pandemic.

“Unfortunately, that cybercrime threat has worsened over the past two months,” Check Point notes in its new report.

“Since the start of November, there has been a further 45% increase in attacks targeting healthcare organizations globally,” the report states. “This is more than double the overall increase in cyberattacks across all industry sectors worldwide seen during the same time.”

Crunching the Numbers

The data in the report was gathered using Check Point’s threat prevention technologies and then stored and analyzed in what the company calls “ThreatCloud,” a Check Point spokesman says.

“ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide, over networks, endpoints and mobiles of our over 100,000 customer install bases,” the spokesman says.

Central Europe tops the list of regions impacted by the spike in cyberattacks against healthcare organizations, with a 145% increase in November, the Check Point report estimates. That was followed by East Asia, which saw a 137% increase, and Latin America with a 112% increase, the report notes. Europe and North America saw 67% and 37% increases in attacks, respectively.

The Department of Health and Human Services’ HIPAA Breach Reporting Tool website listing health data breaches affecting 500 or more individuals shows a surge of ransomware and other hacking incidents reported by U.S.-based healthcare entities and their vendors in 2020 (see: Analysis: 2020 Health Data Breach Trends).

Ryuk Poses Threat

The ransomware variant most commonly used in attacks in the healthcare sector is Ryuk, followed by Sodinokibi, the report says. “It is also important to note that unlike common ransomware attacks, which are widely distributed via massive spam campaigns and exploit kits, the attacks against hospitals and healthcare organizations using the Ryuk variant are specifically tailored and targeted.”

Because Ryuk and other types of ransomware exploits usually start with an initial infection with a Trojan, security teams should monitor for Trickbot, Emotet, Dridex and Cobalt Strike infections within their networks and remove them using threat hunting solutions, the report recommends.

Jon Moore, chief risk officer at privacy and security consulting firm Clearwater, offers more advice: “Healthcare organizations should complete an inventory of their internet-facing services, making sure to secure those that are necessary and shutting down those that are not.”

Network segmentation also can help organizations limit the spread of ransomware, he adds.

Looking Ahead

“It is safe to say that ransomware attacks will worsen in 2021 because a lot of organizations paid ransom in 2020,” says former healthcare CIO David Finn, executive vice president at privacy and security consulting firm CynergisTek.

“The attackers, to keep their assaults effective, will certainly change and adopt the strategies, tactics and topics,” he adds.

About the Author

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.
