Cyberattacker Activity Beyond Ransomware: Healthcare Networks Prepare

Cryptonite, a leader in moving target cyber defense, announced the availability of its “2017 Health Care Cyber Research Report,” which shares the company’s findings on healthcare cyberattacker activity in 2017. “Cyberattackers target healthcare networks primarily for two primary reasons – to steal the medical records they contain or to extort ransom payments. Medical records are the targets of choice, as this data is highly prized to support identity theft and financial fraud.” Healthcare institutions remain under sustained attack by cyberattackers that continue to target their networks through the use of well understood vulnerabilities.

The end of year research conducted by Cryptonite indicates:

• There were a total of 140 data breach events characterized and reported to HHS/OCR as IT/Hacking in 2017 representing a 23.89% increase over the 113 IT/Hacking events reported in 2016.
• The number of reported major IT/Hacking events attributed to ransomware by health care institutions increased by 89% from 2016 to 2017. This was an increase from 19 reported events in 2016 to a total of 36 events in 2017.
• In 2017 ransomware events represented 25% of all events reported to HHS/OCR and attributed to IT/Hacking.
• All 6 of the 6 largest IT/Hacking healthcare events reported in 2017 were attributed to ransomware.
• There were 3,442,748 records reported compromised in 2017, a substantial decrease from 13,425,263 reported compromised in 2016 as cyberattackers diversified their attacks against a broader mix of healthcare entities.

In past years, cyber criminals invested considerable time and effort in targeting the largest healthcare institutions as evidenced by the 2015 events impacting Anthem (78.8 million records), Premera Blue Cross (11 million records) and by the 2016 events impacting Banner Health (3.6 million records) and Newkirk Products (3.4 million records). This low hanging fruit has to some extent, been harvested and attackers are now increasingly turning their attention to the broader mix of health care entities.

The emergence and refinement of advanced ransomware tools lowers both the cost and the time for cyberattackers to target smaller healthcare institutions – now they can cost effectively reach physician practices, surgical centers, diagnostic laboratories, MRI/CT scan centers and many other smaller yet critical healthcare institutions. This is the beginning of a trend that will increase very substantially in 2018 and 2019.

Internet of Things (IoT) devices in healthcare provides new and expanding opportunities for cyberattackers.

“Cyberattackers target healthcare networks primarily for two primary reasons – to steal the medical records they contain or to extort ransom payments. Medical records are the targets of choice, as this data is highly prized to support identity theft and financial fraud. While 2017 was the year of ransomware, we are anticipating this already hard hit sector will feel the wrath of cyber criminals targeting the hundreds of thousands of IoT devices already deployed in healthcare. Internet of Things (IoT) devices are now ubiquitous in health care – they are already present in intensive care facilities, operating rooms and patient care networks.”  –  Michael Simon, President & CEO of Cryptonite

You can find the full report HERE.

2017 was a significant year for ransomware attacks. In the coming year, cyberattacker activity will branch out into new territories. Payers and Healthcare networks must stay ahead of trends to protect against cybersecurity threats. Click HERE for how BHM develops high level protection for your data, addresses the c-suite cyber-security concerns, and proves it with HITRUST CSF.