Attacks On Healthcare Sector Are On The Rise
According to Bitglass, a US-based provider of threat protection services, the number of reported healthcare breaches reached 599 in 2020, a 55.1% spike compared to 2019. Hacking and IT incidents accounted for the vast majority of these incidents, exposing personally identifiable information of more than 24 million individuals.
Medical facilities in California were hit the most, with the number of incidents totaling 49. Texas, with 43 breaches, ranked second in this unsettling rating. The statistic was slightly lower for New York (39 incidents). Florida and Pennsylvania ended up in the same boat, each with 38 documented breaches.
Looking at the report from a different angle, cyber-attacks against healthcare organizations in Michigan affected the largest number of individuals across the board. That is largely due to a massive data breach suffered by the state’s Trinity Health system last spring. It exposed full names, addresses, insurance details, and contact information of 3.3 million patients.
Security incidents that occur in the healthcare sector are harder and more costly to recover from than in any other industry. The average cost per compromised user record amounted to $499 in 2020, up from $429 the previous year. Also, it took the average healthcare facility roughly 236 days to get completely back on track after a breach.
Pandemic underway? Ransomware operators could not care less
Ransomware gangs showed their true colors amid the coronavirus emergency by continuing to infect hospitals when they are least prepared. According to Interpol, online extortionists have stepped up their efforts to raid these organizations’ IT networks since early 2020. Law enforcement officials emphasize that in addition to data damage, these assaults have serious real-world implications as they obstruct quick medical response.
In January 2021, researchers at Check Point found that ransomware strains called Ryuk and Sodinokibi (REvil) dominate this area of the threat landscape. These targeted attacks mostly hinge on phishing, unsecured remote desktop services, and vulnerabilities in the networks of managed service providers (MSPs) working with hospitals.
In many scenarios, IT environments are infiltrated by computer trojans long before extortion begins. The initial infection opens a backdoor so that crooks can quietly download and execute a second-stage payload such as ransomware or a coin miner later on.
The list of ransomware families that have attacked medical organizations during the COVID-19 crisis also includes Maze, Clop, SunCrypt, Dharma, and Snake. Most of them follow what is called a double extortion tactic. Aside from data encryption, they steal the most valuable files so that their authors can pressure victims into submitting the ransom. The ultimatum is as follows: pay up, or patients’ records will be uploaded to a “public shaming” site.
Unfortunately, this scheme works. Last fall, the University Hospital in New Jersey coughed up $670,000 to SunCrypt ransomware distributors to prevent 240 GB worth of stolen files from being leaked.
Going forward
With attacks against hospitals skyrocketing, the only effective response is to harden the defenses by establishing security protocols, educating employees on phishing scams, and prioritizing the protection of patient data. To avoid a single point of failure in case of a ransomware incursion, healthcare organizations need a plan B – a data backup strategy that will allow them to quickly resume normal activities.