The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Healthcare Industry Cyberattacks Increase by 45%

Posted By on Jan 6, 2021

In the fall of 2020, a warning was issued to the healthcare and public health sector following a spike in ransomware activity. The joint CISA, FBI, and HHS cybersecurity advisory explained that the healthcare industry was being actively targeted by threat actors with the aim of infecting systems with ransomware. Several ransomware gangs had stepped up attacks on the healthcare and public health sector, with the Ryuk and Conti operations the most active.

A new report from Check Point shows attacks continued to increase in November and December 2020, when there was a 45% increase in cyber-attacks on healthcare organizations globally. The increase was more than double the percentage rise in attacks on all industry sectors worldwide over the same period. Globally, there was an average of 626 cyberattacks on healthcare organizations each week in November and December, compared to 430 attacks in October.

The vectors used in the attacks have been varied, with Check Point researchers identifying an increase in ransomware, botnet, remote code execution, and DDoS attacks in November and December; however, ransomware attacks showed the largest percentage increase and ransomware remains the biggest malware threat. This implies that cybersecurity should be included in HIPAA compliance programs.

Conti ransomware continues to pose a threat and has been used in many healthcare industry ransomware attacks, although Ryuk remains the most commonly used ransomware variant, followed by Sodinokibi. The biggest increase in attacks was in Central Europe, which saw a 145% spike in attacks, followed by East Asia (137%) and Latin America (112%). There was a 67% rise in attacks in Europe and a 37% increase in North America. The country with the biggest increase was Canada, which saw attacks increase by 250%.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Ransomware attacks are financially motivated. Ransomware gives threat actors a large payout in a matter of days after conducting an attack and ransoms are often paid to allow files to be restored or to prevent the release or sale of stolen sensitive data. The healthcare industry is targeted because there is a higher probability that a ransom will be paid than attacks on other industry sectors. Healthcare providers need to restore access to patient data quickly to ensure care can continue to be provided to patients, especially at a time when there is tremendous pressure due to the number of new patients requiring treatment for COVID-19.

While it is still common for ransomware to be distributed via spam email and exploit kits, the attacks on the healthcare industry have been highly targeted, with the main ransomware variants used in the attacks delivered manually. Initial access to healthcare networks is gained using a variety of methods. Many ransomware attacks start with phishing emails that deliver Trojans such as Emotet, TrickBot, and Dridex. Check Point advises security professionals to search for these Trojans on the network, along with Cobalt Strike, all of which are used to deliver Ryuk ransomware.

Many ransomware attacks start with a phishing email, so it is important to ensure that anti-phishing cybersecurity solutions are implemented, and for employees to receive regular training to help them identify phishing and social engineering attacks.

While most phishing attacks occur in the week during business hours, ransomware attacks commonly commence over the weekend and during holidays, when monitoring by security staff is likely to be reduced. Healthcare organizations are advised to raise their guard over the weekend and during holidays to detect attacks in progress.

Vulnerabilities in software and operating systems are commonly exploited to gain access to healthcare networks, so prompt patching is vital, but in healthcare it is not always possible for patches to be applied. Check Point recommends using an intrusion prevention system (IPS) with virtual patching capabilities that can prevent the exploitation of vulnerabilities in systems and applications that cannot be patched. Anti-ransomware cybersecurity solutions should also be used that have a remediation feature that can block attacks within minutes if ransomware is deployed.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist