Here’s How Ransomware Attacks Against Healthcare Organizations Have Picked up in the Last Three Years

  • The ransomware attacks on the healthcare sector have increased by 33% between 2016 and 2016.
  • Around 70% of these attacks had impacted small healthcare providers.

Ransomware attacks against healthcare sectors have surged in the last three years and a majority of these attacks have been reported by those organizations that have less than 500 employees.

According to a latest report from RiskIQ, the ransomware attacks on the healthcare sector have increased by 33% between 2016 and 2016. Around 70% of these attacks had impacted small healthcare providers and the prime reason is that these firms have an increased likelihood to pay ransom demands.

What are the attack vectors?
The researchers observed some 237 strains of ransomware detected since 2015 and found that they fall into one of the several subcategories: encryption ransomware, lock screen ransomware, master boot record ransomware, ransomware encrypting web servers, and mobile-device ransomware.

These ransomware variants were executed using a variety of techniques. One such notable attack vector was by exploiting the Windows Server Message Block (SMB) protocol. The vulnerability was exploited during the 2017’s WannaCry attack that had affected several medical organizations across the globe.

Apart from SMB vulnerabilities, researchers also highlighted that vulnerable Remote Desktop Protocol (RDP), phishing emails, and exploit kits were also being increasingly used in various ransomware attacks in the last three years.

“RDP attacks take advantage of security flaws in the implementation of RDP-enabled machines. By default, RDP runs over Port 3389, so attackers will scan the internet to identify publicly-facing devices listening on that port,” noted the researchers.

On the other hand, clicking on malicious email could initiate the download of exploit kits that are designed to leverage specific vulnerabilities.

How vicious are ransomware attacks?
From the total cases analyzed between 2016 and 2019, the average ransom demand stands at $59,000. However, the amount does not include downtime and recovery costs. Some 16% of the affected institutions paid the ransom.

As noted by the FBI, Microsoft, and others, paying the ransom should be a last resort as 50% of recovery decryption keys are effective. However, this can, at times, pain in the neck of several small medical centers as a ransomware attack can have a serious impact on patient safety, with data showing victims can expect to see as many as 36 additional deaths per 10,000 heart attacks each year.

How to tackle it?
Backing up data may no longer be enough to restore systems infected with ransomware. As hackers have expanded their attack processes and tools, healthcare firms are required to have a strong and practiced incident response plan to reduce the impact of ransomware attacks.