Published: May 10, 2021 on our newsletter Security Fraud News & Alerts Newsletter.
Healthcare systems continue to be a highly popular target for ransomware, phishing, and other malware attacks. These crimes have grown steadily over time, with a study by Bitglass showing a 55% increase in healthcare attacks in 2020 alone. The pandemic has increased and incentivized these attacks, with bad actors taking advantage of hospitals, healthcare providers, and patients who are more vulnerable than ever before. Security agencies in the U.S. have released warnings to all involved to be aware of malicious activity and to report these crimes immediately.
26 Million PHI Records Stolen
Bitglass also discovered that in the U.S., the protected health information (PHI) of nearly 26 million people has been compromised. The stolen PHI can contain a cache of personal information like names, email and physical addresses, phone numbers, sensitive health records, Social Security numbers, and payment information. In short, anything and everything needed for a wide range of cyberattacks has been stolen.
240 Million Attempted Healthcare Attacks
VMware Carbon Black researchers found that last year, there were nearly 240 million attacks attempted against healthcare. Cybercriminals find ways into healthcare systems, typically by finding a security system weakness or by using the overall hacker favorite, email phishing. Hackers use pandemic lures effectively, especially in the email subject line. Their goal is to manipulate targets into opening the emails and acting on them, including the malware attachments and infected links most carry.
28% of All Healthcare Attacks are Ransomware
Unfortunately, it’s a short hop from a successful phishing email campaign to installing malware on healthcare systems. Much of the malware installed includes ransomware, a potentially ruinous malware that cripples systems by encrypting, or locking up, data until a ransom demand is paid. A report by IBM X-Force found that in 2020, 28% of all cyberattacks against healthcare were ransomware. The Bitglass report found the healthcare industry now has an average data breach recovery time of 236 days, the most expensive downtime of all industries. It also holds the record for the longest amount of time, 96 days on average, to identify that breaches have occurred.
There are ways to help prevent and recover from ransomware and other attacks, and healthcare should be at the forefront of them all. Just a few of these practices include: backing up system data on a regular basis and keeping backup copies out of reach of the Internet; ensuring the latest software and systems are being used and are immediately updated with the latest versions when available; and providing ongoing employee education, including for those at the top, which can help prevent phishing emails and other scams from being acted upon. Educated employees can be the best defense against ransomware and other malware attacks. A cyber-smart staff can be invaluable to any organization, as they’re often at the front lines of business and can help prevent cyberattacks before they start.
Phishing Email ID Reminders:
Misspelled words, poor grammar and punctuation, improper use of the language.
Sense of urgency that something bad will happen if immediate action is not taken.
Unexpected links or attachments.