Ransomware attacks expected to increase significantly in year ahead
Across multiple sectors, ransomware attacks more than quadrupled in 2016, but nearly nearly half of those occurred in the healthcare sector. What’s more, such hacks are likely to double again this year.
That’s according to a recent report from Beasley Breach Insights, which noted that “evolving ransomware variants enable hackers to methodically investigate a company’s system, selectively lock the most critical files, and demand higher ransoms to get the more valuable files.”
The report comes at a time when healthcare and information security executives are struggling to understand how best to protect against and react to ransomware attacks against the backdrop of an increasingly sophisticated threat landscape, and in the report the cybersecurity vendor outlined four steps that healthcare organizations can take to help protect their data: deploy prevention and detection tools, use threat intelligence services, train managers and employees on cybersecurity and threat awareness, and conduct risk assessments focused on identifying and protecting sensitive data.
According to a review of the report at HealthcareIT News, “unintended disclosure – misdirected faxes and e-mails or the improper release of discharge papers – led to 40 percent of data breaches in the healthcare industry in 2016, up from 30 percent in 2015,” but “in a sign that the industry might be improving defenses, hacks and malware accounted for only 19 percent of breaches in 2016, down from 27 percent in 2015.”
What’s more, a new report from the Herjavec Group points to the rise of bitcoin as a main cause of the steep rise in hack attacks.
“Bitcoin is the engine for cybercriminality, and as long as there is an anonymous way for criminals to get paid, it’s not going to get better anytime soon,” said Matt Anthony, vice president of incident response at the Herjavec Group. “It’s a winning combination for organized crime – not necessarily Italians in smart suits and fedoras, either. There are large organized communities in China and Russia.”
As he sees it, the convergence of vulnerable legacy hardware and software systems and the emergence of connected health, Internet of Things devices that are not always built with security in mind, and the super-identity criminals can steal, all make healthcare more attractive to hackers than any other sector.
And hospitals, it is assumed, will pay, because they understandably need that data.
“Hospitals will pay, they’ll pay fast and they’ll pay what it takes to get data back,” Anthony said. “We ask people not to pay but sometimes there’s no alternative in healthcare.”