New Data Shows Magnitude of Ransomware Attacks on the Healthcare Industry

The CyberPeace Institute has published new data on cyberattacks in the healthcare sector. According to the most recent statistics, 295 cyberattacks are known to have been carried out against the healthcare sector in the 18 months from June 2, 2020, to December 3, 2021. The attacks occurred at a rate of 3.8 per week and took place in 35 countries.

Those attacks include 263 incidents that were either confirmed as ransomware attacks (165) or are suspected of involving ransomware (98), with those attacks occurring in 33 countries at a rate of 3.4 per week. In the last 18 months, at least 39 different ransomware groups have carried out ransomware attacks on the healthcare sector. Those attacks have primarily affected patient care services (179), as well as pharma (35), medical manufacturing & development (26), and other healthcare organizations (23).

The CyberPeace Institute examined darknet publications, communications with ransomware groups, and interviews, and identified 12 ransomware gangs that had stated they would not attack the healthcare industry during the pandemic but still went on to attack medical organizations, with at least 6 of the 12 having carried out attacks on hospitals.

The definition of healthcare used by the gangs may differ from what many people would consider to be healthcare. For example, although all 12 of the ransomware groups stated they would not target hospitals, many used vague terms to describe healthcare, such as "medical companies". Although that might suggest all healthcare was off-limits, a number of gangs considered the pharmaceutical industry to be fair game, given that pharma companies were making money throughout the pandemic.

Three ransomware operations said mistakes had been made and healthcare organizations were attacked in error. They stated publicly that whenever a mistake is made, the file decryption keys would be provided free of charge. Nevertheless, there were incidents where it was unclear whether an organization fell within the gangs' definition of exempt institutions.

It should be said that once an attack occurs and files are encrypted, the damage has already been done. Even if the decryption keys are provided free of charge, the attacked organizations still experience disruption to business operations and patient services. Recovering data from backups is not a quick process, and attacked organizations still must cover considerable mitigation costs. 19% of attacks were confirmed as leading to canceled appointments, 14% had patients redirected, and 80% involved the compromise or leak of sensitive data.

The CyberPeace Institute explained that certain threat actors have specifically focused on the healthcare industry. One example was a member of the Groove ransomware operation who was actively seeking initial access brokers who could offer access to healthcare systems. The Groove ransomware operation had the greatest proportion of healthcare targets compared to other industries, as indicated on its data leak portal.

Data from Mandiant indicates that 20% of ransomware victims belong to the healthcare industry, meaning the industry is being widely targeted. The FIN12 threat actor is known to target the healthcare sector, and ransomware operations such as Pysa, Hive, and Conti have large percentages of healthcare organizations in their lists of victims (4%, 9%, and 12% respectively).

Although there has been some deliberate targeting of the healthcare sector, a number of ransomware gangs use spray-and-pray tactics and attack indiscriminately, which results in healthcare providers being attacked along with all other sectors. These attacks usually involve attacks on Remote Desktop Protocol (RDP), brute force attacks to guess weak passwords, or indiscriminate phishing campaigns.

Whether healthcare organizations are attacked through error, design, or carelessness, ransomware operators are acting with impunity and are de facto deciding which organizations constitute legitimate targets and which are exempt. Their simplistic distinctions overlook the complexity and interconnectedness of the healthcare sector, in which targeting pharmaceutical companies during a pandemic can have just as distressing a human impact as attacking healthcare organizations.