Healthcare Industry Accounts for 88% of Ransomware Attacks

NTT Security has published its Q2 2016 Threat Intelligence Report, which highlights the extent to which the healthcare industry is being attacked using ransomware. In Q2 2016, 88% of all detected ransomware attacks affected its healthcare clients, even though they accounted for just 7.4% of the firm’s client base.

The most common ransomware variant used to attack organizations was CryptoWall, which accounted for 94% of all ransomware attacks. Remnant, RansomLock.AK, TeslaCrypt, and CTB Locker were the main ransomware variants used in the remaining 6% of attacks. Ransomware attacks fell between January and February, but have since been on the rise. Attacks increased by approximately 11% each month between March and May according to the report.

Spam emails are sent out in the millions in the hope that unsuspecting recipients open infected attachments or click on malicious links. However, Jon-Louis Heimerl, manager of the company’s threat intelligence communication team, said the healthcare industry is now being targeted.

He attributed the targeted attacks to a perceived lack of protection against ransomware. Healthcare organizations are viewed by the hacking community to be poorly equipped to deal with cyberattacks compared to other industries such as the financial sector, although he did point out “We have no empirical data to show that.”

The potential harm that could be caused by the lack of access to data is more likely to result in ransom payments being made. Rob Kraus, director of research at NTT Security’s Security Engineering Research Team said “Healthcare has been a target for ransomware campaigns because the industry has often paid ransom to retrieve vital customer data quickly.”

The healthcare industry accounted for the vast majority of ransomware attacks, although the education and finance sectors were also targeted, accounting for 6% and 4% of attacks respectively.

Out of 11 categories of cyberattacks, the top three were web applications, malware, and application-specific attacks. Those three categories accounted for 62% of all cyberattacks. Web applications attacks were most common, accounting for 24% of all detected attacks in quarter 2. Across the top five industry sectors, including the healthcare industry, 48% of the attacks exploited vulnerabilities in ActiveX and Adobe products. The main targets for malicious actors were Adobe Flash Player, IE, Joomla, Java, SSL, and outdated Windows systems. The main forms of malware discovered were spyware and keyloggers, which accounted for 36% of all malware variants discovered in Q2.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.