According to the 2021 Unit 42 Ransomware Threat Report, the healthcare sector was the most targeted vertical for ransomware in 2020. The report noted that ransomware operators likely targeted the sector, knowing that healthcare organizations were under enormous pressure from an influx of COVID-19 patients. They could not afford to have their systems locked out and thereby would be likely to pay a ransom. In May 2021, the FBI issued an alert stating that the Conti ransomware group, which had recently taken down Ireland’s healthcare system, had also attacked at least 16 healthcare and first-responder networks in the U.S. the previous year.
The research firm Comparitech tracked more than 92 individual ransomware attacks on the U.S. healthcare sector in 2020, a 60 percent increase over the previous year. These attacks affected more than 600 clinics, hospitals and organizations and more than 18 million patient records, at an estimated cost of nearly $21 billion. We have concluded that threat actors target healthcare organizations based on several factors:
Let's assess the healthcare threats cited above and what they suggest about these organizations' defensive postures and the threat actors who target them.
First, ransomware relies on an organization's need to keep core systems up and running. In healthcare, applications such as electronic medical record (EMR) and picture archiving and communication system (PACS) platforms are the most critical: they are used around the clock to access patient records containing vital information about diagnoses, medications and treatment, and losing access to them directly inhibits the ability to provide patient care. Healthcare is hardly the only sector with a continuous-operations imperative, and ransomware is waged just as heavily against other sectors that cannot tolerate downtime.
Second, business email compromise (BEC) is motivated by financial fraud. Attackers typically exploit the invoicing process: they take over an email account, pose as a legitimate executive or staff member to authorize a payment, and divert the funds to accounts they control. Healthcare organizations frequently send and receive invoices for expensive medical services, solutions and technology, so cybercriminals see them as an opportunity to steal significant sums from organizations and patients alike.
Finally, the inadvertent disclosure of data, such as accidentally exposing sensitive data stored in an internet-facing cloud database or web application, can (and does) affect any industry. Healthcare organizations have increasingly embraced cloud computing and third-party solutions to keep up with business demands and medical innovations. Although these solutions are outsourced, they still require diligent application of organization-side security controls and monitoring, because the organization remains responsible for how the service is configured and who can reach it. Cortex Xpanse typically finds that customers have at least 30% more assets than they realize, and as complexity increases, so does the attack surface. Threat actors continuously scan for any opening, and because healthcare is a desirable target, such openings are likely to be discovered and exploited if the organization does not find and address them first.
There are many best practices for defending against these tactics, including deploying advanced, capable products such as Next-Generation Firewalls (NGFW) with machine learning and Extended Detection and Response (XDR) platforms.
Beyond keeping proper backups and incident response (IR) processes in place, our top 10 recommendations for defending against a range of threats are:
Some sectors receive more targeted attacks than others, and the more often threat actors succeed, the more often the attacks recur. Part of threat actors' targeting strategy is to use the tactics most likely to succeed and earn financial rewards; for that reason, healthcare is bearing much of the brunt of ransomware, business email compromise (BEC) and inadvertent disclosure-related attacks.
Ransomware in particular is the top threat for healthcare organizations. Ransomware operators now use double-extortion tactics: they exfiltrate data before encrypting it, then threaten to publish the stolen data to force payment even from organizations whose backups and IR processes would otherwise let them recover quickly.
Ensuring that healthcare organizations attend to their end-to-end security needs is not only essential but increasingly imperative during a health crisis like the COVID-19 pandemic. Learn about our cyber incident response and protection for healthcare organizations.