Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.
Cybercriminals are becoming skilled at using legitimate tools to launch more severe, weaponized ransomware attacks on healthcare providers. In addition, they’re avoiding detection by relying on Living off the Land (LotL) techniques that turn attacks into a prolonged digital pandemic. Using native Windows and standard remote-management tools, malicious ransomware actions blend in undetected with regular system admin activity. As a result, there has been a 94% increase in ransomware attacks targeting healthcare in the last year alone.
Sophos’ recent study, “The State of Ransomware in Healthcare 2022,” finds a 69% jump in the volume of cyberattacks and a 67% increase in their complexity just this year. Another survey found 18% of healthcare employees are willing to sell confidential data to unauthorized parties for as little as $500 to $1,000. One in four employees knows someone who has sold access to patient data to outsiders. It’s no surprise that insiders initiate 58% of all healthcare breaches. IBM’s recent data breach report found that 83% of all enterprises interviewed have experienced more than one breach; among the most significant factors are remote work and internal employees willing to sell their privileged access credentials.
Healthcare ransomware: An accelerating digital pandemic
Healthcare providers are prime targets for ransomware attacks because they often spend less than 10% of their IT budgets on security, and patient data is often used for launching fraud and identity theft. Accellion’s paying an $8.1 million settlement in January, the CaptureRX cyberattack that affected 17 hospitals, and the Scripps cyberattack that impacted five hospitals and 19 outpatient facilities costing an estimated $106.8 million quantify how severe this digital pandemic is.
So far in 2022, there have been 368 breaches affecting 25.1 million patients, according to the U.S. Department of Health and Human Services HHS Breach Portal. 206 of the breaches started with the network server being compromised with malware, and 95 started via email phishing and privileged credential abuse.