Q3, 2019 Saw a 350% Increase in Ransomware Attacks on Healthcare Providers

Ransomware attacks on healthcare providers increased by 350% in Q4, 2019, according to a recently published report from Corvus. The attacks show no sign of letting up in 2020. Already in 2020 attacks have been reported by NRC Health, Jordan Health, Pediatric Physician’s Organization at Children’s, and the accounting firm BST & Co., which affected the medical group Community Care Physicians.

To identify ransomware trends in healthcare, Corvus’s Data Science team studied ransomware attacks on healthcare organizations since Q1, 2017. Between Q1, 2017 and Q2, 2019, an average of 2.1 ransomware attacks were reported by healthcare organizations each quarter. In Q3, 2019, 7 attacks were reported, and 9 attacks were reported in Q4, 2019. Corvus identified more than two dozen ransomware attacks on U.S. healthcare organizations in 2019 and predicts there will be at least 12 ransomware attacks on healthcare organizations in Q1, 2020.

Reports from other cybersecurity firms similarly show an increase in ransomware attacks on healthcare providers in the second half of the year. One report from Emsisoft suggested ransomware attacks had affected 764 U.S. healthcare providers in 2019.

The analysis by Corvus shows healthcare organizations have a smaller attack surface than the web average, which makes it easier to defend against attacks; however, attacks are still succeeding showing healthcare organizations are struggling to block the main attack vectors used by cybercriminals to deliver their ransomware payloads.

There are two main ways that threat actors gain access to healthcare networks to deploy ransomware: Remote Desktop Protocol (RDP) and email. Threat actors search for healthcare organizations with exposed RDP ports and use brute force tactics to guess passwords. Corvus calculated that having an open RDP port increases the likelihood of a ransomware attack by 37%. Healthcare organizations had an average of 9 open ports, with the lowest number in hospitals and the highest number in medical groups.

Email is the main attack vector, which is used in the majority of ransomware attacks on healthcare organizations. 91% of ransomware attacks were the result of phishing exploits according to Corvus.

Email security solutions capable of scanning emails, hyperlinks, and email attachments can identify and block many email-based threats; however, 75% of hospitals do not use those tools. Across the healthcare industry as a whole, only 14% of healthcare organizations used email scanning and filtering solutions.

Corvus’s research suggests that when email scanning and filtering tools are implemented there is a 33% lower chance of experiencing a ransomware attack. Risk can be further reduced by providing regular security awareness training to employees to help them identify phishing emails and malware threats. Email authentication measures should also be implemented. If email credentials are compromised, 2-factor authentication can prevent stolen credentials from being used to gain access to internal resources.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.