Share this article on:
A new report published by Tenable has revealed almost half of all healthcare data breaches are the result of ransomware attacks, and in the majority of cases the attacks were preventable.
According to the Tenable Research 2020 Threat Landscape Retrospective Report, 730 data breaches were reported across all industry sectors in the first 10 months of 2020 and more than 22 billion records were exposed. 8 million of those records were exposed in healthcare data breaches.
Healthcare registered the highest number of data breaches of any industry sector between January and October 2020, accounting for almost a quarter (24.5%) of all reported data breaches, ahead of technology (15.5%), education (13%), and the government (12.5%).
Due to the high number of healthcare data breaches, Tenable researchers analyzed those breaches to identify the main causes and found that ransomware attacks accounted for 46.4% of all reported data breaches, followed by email compromise attacks (24.6%), insider threats (7.3%), app misconfigurations (5.6%) and unsecured databases (5%). Across all industry sectors, ransomware attacks accounted for 35% of data breaches and 14.4% of breaches were due to email compromises, which shows the healthcare industry is particularly vulnerable to these types of attacks.
While no healthcare organization is immune to ransomware attacks, in the most part these attacks can be prevented. One of the most common ways for ransomware gangs to gain access to healthcare networks is the exploitation of vulnerabilities in Virtual Private Network (VPN) solutions. The two vulnerabilities most commonly exploited by ransomware gangs are the CVE-2019-19781 vulnerability in the Citrix ADC controller, which affects gateway hosts, and the CVE-2019-11510 vulnerability in Pulse Connect Secure.
Patches to correct both of these vulnerabilities were released in early 2020, yet many organizations were slow to apply the patches and correct the flaws, which gave threat actors an easy way to gain a foothold in networks, access and exfiltrate sensitive data, and deploy ransomware.
“As the attack surface expands, vulnerability management has a central role to play in modern cybersecurity strategies. Unpatched vulnerabilities leave sensitive data and critical business systems exposed, and represent lucrative opportunities for ransomware actors,” said Renaud Deraison, co-founder and chief technology officer at Tenable.
Many organizations continue to use server software that is no longer supported, and ransomware gangs often target vulnerabilities in outdated server software. Ransomware gangs also exploit vulnerabilities in RDP and use brute force tactics to guess weak passwords.
It can be difficult for healthcare organizations to change software solutions and operating systems that are approaching end of life, but it is vital to upgrade to solutions that have active support or ensure that any software that is no longer supported is isolated and those systems cannot be accessed remotely. Locking down RDP and enforcing the use of strong passwords will also help to prevent ransomware attacks.
It is also important to address the second highest cause of healthcare data breaches. Email security solutions will prevent the majority of email attacks, but security awareness training for employees should also be provided regularly. One of the most important steps to take is to implement multi-factor authentication on all email accounts. It is often only after experiencing a phishing attack that healthcare organizations implement multi-factor authentication, but by being proactive, email account breaches can be prevented.
In a summer 2020 blog post, Microsoft explained that multi-factor authentication is the most important security solution to apply to block phishing attacks and will prevent 99.9% of attacks on email accounts.