Healthcare Ransomware Infections Increased by 17% in Q3

According to the NTT Security Q3 Quarterly Threat Intelligence Report, the healthcare industry is now the fifth most targeted industry, registering 11% of all attacks in Q3, behind the finance industry (23%), retail (19%), manufacturing (18%), and technology (12%).

The report shows malware and ransomware continue to be a major problem for the healthcare industry. Q3 saw malware attacks increase by 67% and application-specific attacks rise by 28%, although there was a fall of 28% in web application attacks.

Malware Attacks on Healthcare Organizations Rose by 67%

Malware attacks on healthcare organizations increased by 67% in Q3. Viruses and worms were the biggest subcategory, accounting for 63% of attacks, followed by adware and malicious BTOs (22%), Trojans/droppers (12%), and keyloggers and spyware (2%).

The main delivery mechanism was spam email containing malicious attachments, which accounted for 73% of attacks. While malicious Word macros have previously been favored, NTT Security observed an increase in the use of Windows Script Files (WSFs), in particular for the delivery of ransomware variants such as Nemucod, Cerber, and Zepto.
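Because the report names Windows Script Files in email attachments as a growing delivery route, a mail gateway check for script attachments is a practical control. The following is an added example, not taken from the NTT Security report: it flags script-type attachments, including ones packed inside a ZIP archive. The extension list beyond `.wsf`, the function names, and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# .wsf is the type named in the report; the other script extensions are an
# assumed blocking policy, not a list from the report.
BLOCKED_EXT = {".wsf", ".wsh", ".js", ".jse", ".vbs", ".vbe", ".hta"}

def file_ext(name):
    """Lower-cased final extension; trailing dots/spaces are ignored by Windows."""
    name = name.lower().rstrip(". ")
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def risky_attachments(raw_message: bytes):
    """Return (attachment, inner_member_or_None) for each blocked script file."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if file_ext(name) in BLOCKED_EXT:
            hits.append((name, None))
        elif file_ext(name) == ".zip":
            data = part.get_payload(decode=True) or b""
            try:
                # Member names are readable even when the archive is encrypted.
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    hits += [(name, m) for m in zf.namelist()
                             if file_ext(m) in BLOCKED_EXT]
            except zipfile.BadZipFile:
                hits.append((name, "<unreadable archive>"))  # fail closed
    return hits

def sample_message() -> bytes:
    """Constructed message: a harmless placeholder .wsf in a zip, plus a PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_4471.pdf.wsf", "<job></job>")
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    msg.add_attachment(b"%PDF-1.4", maintype="application",
                       subtype="pdf", filename="report.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for attachment, member in risky_attachments(sample_message()):
        print("blocked:", attachment, member or "")
```

The check keys on the final extension, so a double extension such as `.pdf.wsf` is still caught, and an archive that cannot be parsed is flagged rather than passed.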

Overall, ransomware accounted for a small percentage of malware-related attacks (1%), although ransomware infections increased by 17% from Q2 to Q3. In Q2, the healthcare industry accounted for 88% of ransomware detections across all industries. In Q3 the figure fell to 26%, with education taking over as the most targeted industry sector. NTT Security points out that this does not represent a fall in ransomware attacks on healthcare organizations, but rather an increase in attacks on other industry sectors. The biggest threat was Cerber ransomware, which accounted for 35% of all healthcare industry infections.

Application-Specific Attacks on Healthcare Organizations

The rise in application-specific attacks has been attributed to the exploitation of the GNU Bash ShellShock vulnerability (CVE-2014-6271), which was increasingly targeted by hackers in Q3. Many healthcare servers remain vulnerable because the patch has still not been applied, even though it was released more than two years ago.

Adobe Flash vulnerabilities continue to be exploited and were a major source of attacks in Q3. While attacks leveraging Adobe Flash vulnerabilities are usually associated with exploit kit activity, NTT Security researchers noted a fall in exploit kit activity over the quarter. That said, the healthcare industry did account for 20% of exploit kit detections over the quarter and was the second most targeted industry using this attack vector. NTT Security suggests attacks were occurring via spam email or drive-by downloads. 14% of targeted vulnerabilities were for Adobe Flash Player and Adobe Reader. CVE-2015-2387 was the most targeted vulnerability, which affects the Adobe Type Manager Font Driver.

The report suggests “the inclination for so many providers to choose patient care over cybersecurity,” the complexity of healthcare systems, an increasing attack surface, and the high value of healthcare data make the industry a big and easy target.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.