Ransomware Attacks Increase: Healthcare Industry Most Heavily Targeted

Ransomware attacks are on the rise once again and healthcare is the most targeted industry, according to the recently published Beazley’s Q3 Breach Insights Report.

37% of ransomware attacks managed by Beazley Breach Response (BBR) Services affected healthcare organizations – more than three times the number of attacks as the second most targeted industry: Professional services (11%).

Kaspersky Lab, McAfee, and Malwarebytes have all released reports in 2018 that suggest ransomware attacks are in decline; however, Beazley’s figures show monthly increases in attacks in August and September, with twice the number of attacks in September compared to the previous month. It is too early to tell if this is just a blip or if attacks will continue to rise.

The report highlights a growing trend in cyberattacks involving multiple malware variants. One example of which was a campaign over the summer that saw the Emotet banking Trojan downloaded as the primary payload with a secondary payload of ransomware.

Emotet is used to steal bank credentials and has the capability to download further malicious payloads. Once credentials have been obtained, a ransomware payload is downloaded and executed. This twofer strategy has been adopted by several threat groups. The ransom demands can be considerable. One group demanded a $2.8 million ransom after an extensive infection that included the encryption of backups.

Beazley cites research conducted by Kivu Consulting that shows there has been an increase in the use of rough and ready ransomware variants that use powerful encryption to lock files yet lack the functionality to allow the full decryption of data. These attacks can see files remain locked even if a ransom is paid or the encryption/decryption process can result in file corruption and significant data loss.

These attacks show how critical it is for organizations to perform regular backups and to test those backups to ensure that file recovery is possible. Healthcare organizations should consider a 3.2.1 approach to backing up: Create three backup copies, on at least two different media, with one copy stored securely offsite.

It stands to reason that large organizations are an attractive target for cybercriminals. Large numbers of encrypted devices mean higher ransom demands can be issued. Large organizations are also more likely to have funds available to pay large ransoms, although they also have more resources to devote to cybersecurity.

Attacks on small to medium sized businesses are typically easier and this is reflected in Beazley’s figures. Out of the ransomware attacks that the BBR Services team have handled, 71% of victims were small to medium sized businesses.

The Breach Insights report shows that in contrast to most industry sectors, accidental disclosures are the leading type of breach in the healthcare industry and accounting for 32% of all data breaches in Q3, closely followed by hacks/malware incidents on 30%. Beazley notes that healthcare hacking/malware incidents have increased from 20% to 30% in 2018. 17% of breaches were caused by insiders, 9% involved the loss of physical records, and 6% involved the loss of portable electronic devices.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.