Recently, UF Health Central Florida became a victim of a ransomware attack that forced two hospitals to shut down portions of their IT network.
Healthcare providers process an extensive set of sensitive patient data that often tempts the prying eyes of cybercriminals. According to IC3 data analysis by Crowdstrike, healthcare-related losses for victims in the U.S. surged by a whopping 2,473% during 2020 as the COVID-19 pandemic swept through the world.
Turmoil in healthcare
In the past few weeks, we have witnessed attacks on healthcare facilities or services almost every other day.
- Last week, Scripps Health notified nearly 150,000 individuals about the theft of their personal data during the ransomware attack that hit the local healthcare giant a month ago.
- A few days before that, hackers behind the attack on Waikato District Health Board released private sensitive patient information to media outlets, possibly after a failed ransom negotiation.
- U.S. healthcare non-profit Rehoboth McKinley Christian Health Care Services (RMCHCS) blabbered the confidential data of 200,000 patients and employees in a data breach.
- The FBI warned against the Conti ransomware group that has launched at least 16 cyberattacks aimed at healthcare and first responder networks in the U.S. within the past year.
- The website of the Alaska health department was brought offline following a malware attack. The leak of any personal or confidential information has not yet been confirmed.
How bad is the situation?
Cybercriminals showed no mercy to the healthcare sector during this pandemic. In the past year, there were more than double the cyberattacks on healthcare compared to 2019, with ransomware accounting for 28% of all attacks.
- April 2021 onward, the healthcare sector was also among the most targeted with an average of 109 attack attempts per organization every week.
- Moreover, attackers unhesitantly leak stolen data if the negotiation falls out. For instance, North Carolina-based Allergy Partners experienced a leak of protected health information of patients for an incident from February as it decided not to pay the attackers.
Ray of hope
Ireland’s government is experimenting with a decryption tool that has been posted online to help healthcare facilities unlock IT systems compromised in ransomware attacks.
Patient data security is under huge threat. Since the onset of the pandemic, healthcare facilities have been severely impacted. Security experts have time and again advised security teams to implement better defenses against persistent threats, specifically now when ransomware gangs are working in tandem to cause maximum damage.